Training Details

SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world, these companies rely on SAP to perform their most sensitive daily operations such as processing employees payroll and benefits, managing logistics, managing suppliers / customers, material management, releasing payments to providers, credit cards processing, business intelligence, etc.

This training provides the latest information on SAP specific attacks and remediation / protection activities.

This training starts with an introduction to SAP (No previous SAP knowledge is required), you will learn through several hands-on exercises and demos, how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform, you will be very well equipped to understand the critical risks your SAP platform may be facing, how to assess them and more importantly, you will know which are the best-practices to effectively mitigate them, pro-actively protecting your business-critical platform.

There is not a better way to fully describe this training than posting our curricula. Also, as we outlined before this is a highly interactive and hands-on training that DOES NOT requires any prior knowledge of SAP. Students will start from scratch and move their way to exploit the most complex SAP vulnerabilities

    Day 1

        Introduction to SAP
        What SAP security used to be in the past
        What SAP security is nowadays
        Introduction to SAP security tools (the open-source way)
        Securing the SAP Infrastructure
        SAP Router
        SAP Web-dispatcher
        The role of a firewall
        How to attack and secure: SAP & Windows
        How to attack and secure: SAP & Unix
        How to attack and secure: SAP & Oracle
        How to attack and secure: SAP & HANA
        Authentication mechanisms
        User Security
        Password Policy
        Authorizations
        SAP Gateway & RFC
        SAP Message Server
        SAP Management Console

    Day 2

        SAP Solution Manager
        SAP System Landscape Directory
        ABAP Security
        SAP Back-doors
        SAP Updates
        Encryption
        SAP ICM
        SAP J2EE
        Understanding the J2EE Framework
        Different SAP Web J2EE Applications
        J2EE Authentication Mechanisms
        SAP JCO
        SAP Security Audit Trail

 

Requirements:

Own laptop with Administrative / root privileges.