SAP releases dozens of new SAP Security patches each month, based on the work of external researchers and internal findings. However many customers don't apply them as regular and often as you would expect them to do. Why is this, what risk is involved and how can we improve this?
In real life we see customers struggling to keep up with these often critical patches due to many reasons. In this session we want to share insights we got from doing SAP Security assessments over the years, the difficulties customers struggle with and the risks involved in not applying patches.
To demonstrate the risk of missing SAP Security notes we will use several of the over 75 vulnerabilities discovered by our own research . We will also present some results of a conducted survey and ways of improving security and the process of applying SAP security patches.