Onapsis: Securing SAP Platforms - Hands-on Security Techniques to Protect Business-Critical Infrastructure from Cyber-attacks
- Delivery Methods: Live
This course provides the latest information on SAP-specific cyber-attacks and protection techniques. SAP platforms contain the business-critical information of the largest organizations in the world. While leading companies are protecting their businesses from modern threats against ERP systems, there are still many who are prone to SAP application-layer vulnerabilities that are exposing them to espionage, sabotage and financial fraud attacks. In this intensive hands-on course, with over ten (10) live demonstrations and numerous exercises (20), the training will help you answer the following questions:
- Do you know how to assess or check whether the organization's SAP platform is secure?
- What is the potential impact to the organization if its SAP Platform is attacked?
- Do you know how to prevent the attacks?
- What are the best practices to effectively mitigate them and protect business-critical information?
Utilizing FREE tools is an important part of the course, and you will learn to master Onapsis Bizploit, the first open-source ERP penetration testing framework. You get real-time feedback on whether your systems are exposed to the critical attack vectors. The hands-on exercises will teach you the industry-standard methodology to perform SAP application vulnerability assessments, security audits, and penetration tests.
The training you will receive in this course is unique and valuable because the instructors have worked with some of the largest companies (thousands of SAP users) in the world, understand how SAP systems function in the real world, and stay up-to-date on common attacks and threats. They have evaluated over 2,000 SAP Application Servers, and 95% are exposed to espionage, sabotage, and fraud.
You will understand why Segregation of Duties controls (enforced by strict SAP user roles and profiles) are not enough to protect an SAP system, and how malicious hackers could break into unsecured systems anonymously, even without having a valid user. With a unique focus on the SAP application layer, you will learn the key security aspects of several SAP proprietary components and technologies, such as the SAProuter, SAP Web Dispatcher, SAP Gateway, SAP Message Server, SAP Web Applications (Enterprise Portal, WebAS and ITS), the SAP RFC and P4 interfaces, SAP Solution Manager, SAP Management Console, SAP-specific backdoors and rootkits, SAP forensics, ABAP code vulnerabilities and much more!
Previous SAP expertise is NOT required!
| Course Contents |
|---|
| HST.1: Day 1 |
| CPE/CMU Credits: 8 |
| Topics |
| HST.2: Day 2 |
| CPE/CMU Credits: 8 |
| Topics |
| Additional Information |
| Laptop Required |
| Students Must Furnish: |
| If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org. |
| Who Should Attend |
| Prerequisites |
| General Information Security knowledge. No SAP experience is required. |
| What You Will Receive |
| Slide handouts, cheat sheets, DVD with free tools. |
*CPE/CMU credits not offered for the SelfStudy delivery method
