Training Details
SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world, these companies rely on SAP to perform their most sensitive daily operations such as processing employees payroll and benefits, managing logistics, managing suppliers / customers, material management, releasing payments to providers, credit cards processing, business intelligence, etc.
This training provides the latest information on SAP specific attacks and remediation / protection activities.
This training starts with an introduction to SAP (No previous SAP knowledge is required), you will learn through several hands-on exercises and demos, how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform, you will be very well equipped to understand the critical risks your SAP platform may be facing, how to assess them and more importantly, you will know which are the best-practices to effectively mitigate them, pro-actively protecting your business-critical platform.
There is not a better way to fully describe this training than posting our curricula. Also, as we outlined before this is a highly interactive and hands-on training that DOES NOT requires any prior knowledge of SAP. Students will start from scratch and move their way to exploit the most complex SAP vulnerabilities
Day 1
Introduction to SAP
What SAP security used to be in the past
What SAP security is nowadays
Introduction to SAP security tools (the open-source way)
Securing the SAP Infrastructure
SAP Router
SAP Web-dispatcher
The role of a firewall
How to attack and secure: SAP & Windows
How to attack and secure: SAP & Unix
How to attack and secure: SAP & Oracle
How to attack and secure: SAP & HANA
Authentication mechanisms
User Security
Password Policy
Authorizations
SAP Gateway & RFC
SAP Message Server
SAP Management Console
Day 2
SAP Solution Manager
SAP System Landscape Directory
ABAP Security
SAP Back-doors
SAP Updates
Encryption
SAP ICM
SAP J2EE
Understanding the J2EE Framework
Different SAP Web J2EE Applications
J2EE Authentication Mechanisms
SAP JCO
SAP Security Audit Trail
Requirements:
Own laptop with Administrative / root privileges.