Introduction to SAP cyber security 101 | attack & defence

From this SAP cyber security training you will get a structured introduction to SAP security, covering key components in a typical SAP ABAP landscape. Via demos and hands-on exercises, you will learn how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform. You will also learn how to protect your own SAP landscape against the top SAP cyber security risks companies face today.

During the training, all participants will obtain an own account in a live SAP environment as well as access to a penetration test distribution containing all tools required to perform the various training exercises.

We are convinced participants learn most by doing. Therefore, this course will consist of 50%+ practical exercises. Preliminary SAP security knowledge is not required.

Goals

• Obtain an introductory overview of key SAP cyber security risks; both in functional and technical terms
• Learn about the typical SAP landscape components and architecture
• Learn vulnerability exploitation techniques such as SAP password cracking, interface breaching, privilege escalation, etc.
• Obtain the knowledge and tool set to perform an initial vulnerability assessment, audit and penetration test on SAP environments.
• Learn how to protect your own SAP environment (application, database and OS layer)

Audience

• IT auditor
• SOC team members
• IT or SAP system administrator
• IT or SAP system architect
• IT or SAP security team

Prerequisites

Bring your own laptop. Everything else will be provided by the trainers

Course based on software release

N/A

Content

Introduction

• Introduction to SAP
• History of SAP cyber security
• Architecture and components of a typical SAP landscape
• Security threats to your system and the business data within

SAP Cybersecurity in detail

• Holistic overview of SAP security
• SAP identity, account & access management concepts
• Authorization & authentication
• Application layer security
• Database, operating system & network security

Offense

• Common attacks on SAP systems, including multiple live demo’s & exercises
• Black and white box attacks
• SAP password cracking
• Privilege escalation
• SAP landscape pivoting
• How to report findings and what does this mean for the company

Defence

• Protecting SAP systems against common attacks, including multiple live demo’s & exercises
• The specific gatekeeping functionality of the SAP message server, gateway, router and web dispatcher & how to configure them.
• SAP log management & SIEM integration
• Defensive tooling which can help you in protecting your SAP landscape like GRC, Solution Manager, ETD, etc.