SAP Security Assessments

Many organisations have streamlined and automated mission critical business functions within their SAP and other ERP systems. This increases their reliance on these systems to operate efficiently and effectively. Furthermore, these systems contain a treasure trove of sensitive information which can include financial, customer, employee, intellectual property, personally identifiable information and more. The information contained in SAP makes it a prime target for industrial espionage, fraud, and sabotage which can cause significant damage to your business.

Testing of SAP systems requires specialised knowledge and experience. Many traditional network security testing tools and techniques provide little or no coverage for SAP systems, and the common weaknesses which allow nefarious individuals to access or modify your business critical data. SAP has released hundreds of notes relating to configuration weaknesses in default implementations and identified security vulnerabilities, and to test for all of these scenarios requires customised SAP testing tools and scripts to gather the required information in addition to structure assessment methodology.

Sense of Security has experience with SAP and has previously conducted the following types of tests against both Advanced Business Application Programming (ABAP) and JAVA system components:

  • Segregation of Duties (SoD) assessment
  • ABAP code audits
  • SAP configuration review of SAP ERP Central Component (ECC) and many commonly deployed modules
  • Written SAP configuration standards
  • Network penetration testing of SAP infrastructure (network, operating systems, and databases)
  • Network architecture and design reviews
  • Web application penetration testing of SAP Portals, administration interfaces, and other system components

Sense of Security has conducted research into SAP security and has been publicly acknowledged for identifying new vulnerabilities by SAP on their web site and within various SAP security notes. We have successfully conducted numerous SAP security tests for prominent Australian organisations in the public and private sectors.

To discuss how our specialist security services can help protect your organisations most vital information assets please contact us on 1300 922 923 or complete the enquiry form by pressing the button below.

Contact Us