It is well known that criminal, and even state sponsored organizations, stockpile unpatched security issues as cyberweapons or for profit. The question is: how do organizations protect themselves from these attacks and get vulnerabilities disclosed t...
Hi Sick Codes,
Thanks for the comment. Bug bounty programs for SAP applications are indeed currently private and by invitation through 3rd party bounty service providers and after accepting the relevant participation agreements. Bounty rewards are r...
Hi Marco,Our bug bounties are largely for SaaS applications and CVEs here are by exception and in case customers are expected to do something about the security patch implementation. The CVE publications are driven by SAP as a numbering authority and...
Hi, The authentication configuration will be automatically created for the application, based on the login module configuration you (can optionally!!!) setup in web-j2ee-engine.xml. This is described in greater detail here:http://help.sap.com/saphelp...
Hi Shankar, As Wolfgang pointed out you shouldn't directly extract the user ID from the ticket but let the security framework do that for you and then access the user id with the APIs.To get the user for authorization purposes the document here shoul...
