Swascan discovers vulnerabilities on SAP’s Web Applications

Another success for Swascan’s Cyber Security Resarch Team. After the accomplishments gained
with Adobe, Microsoft, Lenovo,Huawei and Nokia it was SAP’s turn, the leading global ERP software
provider, to end up under the watchful eye of Swascan’s magnifying glass. The analysis result
yielded several vulnerabilities of critical level related to SAP’s IT infrastructure.

[pulsante-trial-eng]

Swascan, the Italian Cyber Security Company founded by Pierguido Iezzi and Raoul Chiesa, is the
first cloud-based Cybersecurity Testing platform that allows to identify, analyze and solve the
vulnerabilities of websites and information infrastructure.

The first step

Thanks to their expertise in the field of Cyber Security, Swascan’s experts have isolated some highlevel
criticalities that could have potentially compromised SAP. Following the first phase of
identification, a detailed Responsible Vulnerability Disclosure was drawn up where the
vulnerabilities found were highlighted. These, in the hands of Criminal hackers, could have caused
damage to SAP in the field of data and information security and Business continuity.

A Successful cooperation

Following these steps, Swascan immediately made contact with SAP to inform them about the
discoveries and set up an effective remediation activity designed to close the identified criticalities.
SAP’s case was also discussed by Swascan’s Co-Founder, Pierguido Iezzi: “Because we live in the
era of Cyber Crime as a Service, threats and vulnerabilities are growing exponentially. Those who
have the task of protecting business infrastructures and consumers can no longer remain locked up
in their own silo of expertise. Openness to external know-how and experience has become a must.
This is the spirit in which Swascan’s team worked with SAP’s PSIRT.”

The Swascan Cyber Security Research Team’s analysis of the criticalities showed potential risks in
the field of:

  • Confidentiality;
  • Integrity;
  • Availability.

There’s strength in numbers

This synergy established between Swascan and SAP is the echoes the words of Pierguido Iezzi: the
skills and tools of the Cyber Security experts can only perform to the their maximum if on the
company side there’s a secure IT infrastructure and a qualified staff able to work in maximum
harmony with its counterparts.

Swascan’s work has also been awarded by SAP through its inclusion in the official SAP Product
Security Response Space, the “Hall of Fame” of those who help make their business more secure.

Pierguido Iezzi, CyberSecurity Director
Raoul Chiesa, Swascan co-founder, InfoSec addicted

Swascan Team
www.swascan.com
[email protected]

Security Advisory: Inaz Comunication System HEXPERIENCE v8.8.0
Cybertech Europe 2019, Swascan at the forefront

Cyber Incident Swascan Emergency

Contact us for immediate support

The undersigned, as data subject, DECLARES that I have read and understood the content of the privacy policy pursuant to Article 13, GDPR. AGREE to the processing of data in relation to the sending by the Data Controller of commercial and / or promotional communications relating to (i) own products / services, or (ii) products / services offered by third parties.
The consent given may be revoked at any time by contacting the Data Controller at the addresses provided in the aforementioned privacy policy.