Facebook Pixel

Introduction to SAP cyber security 101 | attack & defence

Many of the world’s corporations use SAP for their business critical processes. Protecting business data is therefore of the upmost importance. Historically, SAP security has been synonymous with roles & authorizations, but from a security perspective this only touches a fraction of what needs to be taken into consideration in order to really secure your SAP landscape.

Dager: 3

Pris: 25 000

Kurskategori: SAP

Underkategori: Sikkerhet

Kursdatoer er ikke helt avklart ennå, men kontakt [email protected] for påmelding!

From this SAP cyber security training you will get a structured introduction to SAP security, covering key components in a typical SAP ABAP landscape. Via demos and hands-on exercises, you will learn how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform. You will also learn how to protect your own SAP landscape against the top SAP cyber security risks companies face today.

During the training, all participants will obtain an own account in a live SAP environment as well as access to a penetration test distribution containing all tools required to perform the various training exercises.

We are convinced participants learn most by doing. Therefore, this course will consist of 50%+ practical exercises. Preliminary SAP security knowledge is not required.

Goals

  • Obtain an introductory overview of key SAP cyber security risks; both in functional and technical terms
  • Learn about the typical SAP landscape components and architecture
  • Learn vulnerability exploitation techniques such as SAP password cracking, interface breaching, privilege escalation, etc.
  • Obtain the knowledge and tool set to perform an initial vulnerability assessment, audit and penetration test on SAP environments.
  • Learn how to protect your own SAP environment (application, database and OS layer)

Audience

  • IT auditor
  • SOC team members
  • IT or SAP system administrator
  • IT or SAP system architect
  • IT or SAP security team

Prerequisites

Bring your own laptop. Everything else will be provided by the trainers

Course based on software release

N/A

Content

Introduction

  • Introduction to SAP
  • History of SAP cyber security
  • Architecture and components of a typical SAP landscape
  • Security threats to your system and the business data within

SAP Cybersecurity in detail

  • Holistic overview of SAP security
  • SAP identity, account & access management concepts
  • Authorization & authentication
  • Application layer security
  • Database, operating system & network security

Offense

  • Common attacks on SAP systems, including multiple live demo’s & exercises
  • Black and white box attacks
  • SAP password cracking
  • Privilege escalation
  • SAP landscape pivoting
  • How to report findings and what does this mean for the company

Defence

  • Protecting SAP systems against common attacks, including multiple live demo’s & exercises
  • The specific gatekeeping functionality of the SAP message server, gateway, router and web dispatcher & how to configure them.
  • SAP log management & SIEM integration
  • Defensive tooling which can help you in protecting your SAP landscape like GRC, Solution Manager, ETD, etc.

Kursdatoer er ikke helt avklart ennå, men kontakt [email protected] for påmelding!

Kursinstruktør

KPMG Joachim KalandKPMG Advisory

Joachim Kaland is currently the Head of SAP Cybersecurity at Orkla, the leading branded consumer goods company in the Nordics. He has over 15 years of experience with SAP systems, mainly in the security domain. With an extensive background in all aspects of SAP cybersecurity from both consulting and head of internal SAP security departments, he is well positioned to explain not only the theory but also the practical side of implementing SAP cybersecurity, governance, risk and compliance measures in the company.

Kris Wauters is an independent SAP cyber security consultant with 12+ years of BIG4 experience in the domains of SAP secure architecture, SAP cyber security assessments & penetration tests and SAP GRC & authorizations. He was responsible for the design, implementation and continuous monitoring of related remediating controls at large international organizations.

Ønsker du å samle flere ansatte til et bedriftsinternt kurs?

Finner du ikke det helt optimale kurset eller kombinasjonen av kurs? Da ordner vi det - sammen. Vi kan tilrettelegge kurs slik at de inneholder akkurat det dere har behov for. Vi kan sette opp et helt nytt kurs, eller tilpasse eksisterende kurs og materiell. Flere medarbeidere kan selvfølgelig også samles til et eget felles kurs, for maksimal effektivitet. Ta kontakt med meg for et forslag til gjennomføring og et tilbud basert på deres behov.

Heidi Jakobsen Strømme
Produktansvarlig kurs