The global and independent platform for the SAP community.

Cyber attacks: TU Darmstadt relies on Virtual Forge

SAP security at the push of a button: This is the motto that the Technical University (TU) of Darmstadt is putting into practice with the analysis tools from Virtual Forge, which is now part of Onapsis.
January 8, 2020
Cyber attacks: TU Darmstadt relies on Virtual Forge
This text has been automatically translated from German to English.

With around 26,000 students and 4700 employees, the TU Darmstadt is one of the leading technical universities in Germany.

Here, SAP is used both in the central university administration and in the departments, institutes and decentralized facilities to control central business processes: from budget and personnel management to construction and real estate management to third-party funding management and controlling.

"If an SAP system fails, essential administrative processes can come to a standstill"

reports Dorothee Krohberger-Stock, who heads the SAP CCoE and IT and process coordination at Darmstadt Technical University.

To prevent operational disruptions and be prepared against external and internal cyber attacks, SAP managers planned to install an effective SAP security concept.

To this end, three areas were initially identified: system configurations, system-critical authorizations, and Abap custom developments. Since manual analyses of these audit areas would exceed the available resources, the decision was made to use the SAP security tools from Virtual Forge.

Silke Kubelka

Faulty configurations detected

In 2014, for example, TU Darmstadt introduced the SystemProfiler to automatically identify and eliminate faulty or suboptimal configurations in the SAP systems.

The tool combines many years of security know-how with current security guidelines and recommendations, for example from SAP, the German-speaking SAP User Group (DSAG) and the German Federal Office for Information Security (BSI).

"With the SystemProfiler, we can analyze all SAP system settings at the push of a button."

Silke Kubelka, who heads SAP applications at Darmstadt Technical University, sums up the advantages.

"If errors and weaknesses are discovered, many parameters and settings can be adjusted quickly and easily."

In addition, the solution is used to check system-critical SAP authorizations. Automatically, the tool detects when a user has access rights based on multiple assigned roles that, taken together, could lead to an SAP security risk.

Used during the import of SAP updates, the SystemProfiler helps to adapt maintenance adjustments made or new systems with the best practices configuration.

Dorothee Krohberger Stock

Abap modifications in sight

The CodeProfiler is also used regularly to identify risks and optimization potential in the Abap customer code (Z namespace). TU Darmstadt uses it to check the existing SAP in-house developments for security, compliance, quality and S/4 Hana suitability.

At the same time, the tool will be used in the future for the acceptance of new programs and add-ons that are developed internally or by external partners and service providers. If weak points in the code come to light in the process, clean-up measures are initiated.

This prevents corrupt code from getting into the existing SAP systems. In order to keep the operating costs as low as possible, the TU Darm- city uses the CodeProfiler "as a Service".

"Since we only develop or have our own Abap code developed to a limited extent, the cloud offering accommodates our desire to use the tool on an as-needed basis"

explains Dorothee Krohberger- Stock.

"Our long-term goal is to ensure that all of our SAP custom developments are robust, secure, maintainable, and compatible with emerging requirements such as Hana."

"The combined use of the two analysis tools has enabled us to increase the security and quality of our SAP applications"

SAP application manager Silke Kubelka takes stock.

"In all three defined testing areas, these tools largely meet our security and compliance requirements."

Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.