A mix of standardized and proprietary application and management protocols and gateway systems in an SAP system landscape creates difficulties for intrusion detection on the network level what you can do to detect living off the land approaches and protocol-specific attacks in an SAP network.

Sufficiently hardened operating systems are fundamental to an SAP system's security. Attackers with access to the host level can otherwise create severe damage to the SAP system and pivot their attack into other environments like industrial control systems. You'll learn how the SAP application interacts with the host's operating system and the prevalent threats; how you can identify if application-specific operating system hardening measures have been carried out sufficiently.

The RFC Gateway and Message Server issue essential services to make its components work and to interact with the system remotely. They provide capabilities also to support various legacy integrations and operating scenarios. Some of them are not compatible with nowadays security requirements. You'll learn how to harden these system components to mitigate the inherent risk of some SAP proprietary protocols' design flaws.

The remote function call protocol (RFC) is the protocol of choice for many system-to-system communication scenarios. Hardening RFC communication requires knowledge about different encryption and authentication constraints and protection capabilities on different protocol levels. You'll learn best practices to harden RFC-based communication using proper encryption for integrity, confidentiality, different authentication scenarios, whitelisting, and trust relations.

To protect against opponents, you need to understand how they think and act. You'll learn what are the fundamental attack vectors of cybercriminals when attacking SAP systems. You'll understand what tactics are used to spoof user identities, tampering the system or data, disclose information, create a denial of service, or elevate privileges. These tactics work by exploiting common weaknesses and flaws of the architecture, design, and misconfiguration of an SAP environment. You'll get a fundamental understanding of the tactics and the pre-requisites of an attacker to succeed.

SAP provides some proprietary clients for their software solutions for different purposes, from the end-user, data analyst to the system administrator, and developer. These clients come with different capabilities to interact with the user's personal computer operating system and have various security traits. You'll learn how and by what prerequisites attackers can use these proprietary clients to get a foothold into a corporate network or impersonate a user in an SAP system. You'll understand as a result what are the security specifics of SAP GUI, SAP Business Client, ABAP Development, and HANA Tools  compared to a web browser

Monitoring security-related events on interfaces and unintentional changes to an SAP system's configuration is fundamental to detect malicious activities. In this course, you'll learn what approaches and standard tools and event sources are available to detect critical events on a system's configuration and interfaces and what their limitations are.

The user authorization concept in SAP is often different from other software. To determine security flaws in an SAP authorization concept, you'll need to understand the general approach of SAP user access control. You'll learn the SAP concept of roles, profiles, and authorization objects, the tools to manage access and authorization definitions, and the assignment to users.

Dividing access to assets in ownership of different parts of an organization or legally separated entities is are security and compliance challenges. Many regulations like HIPA, GDPR, and SOX require such organizational measures and their technical enforcement. To identify flaws in the implementation of such requirements, you'll learn the fundamental concepts of structural authorizations in SAP and how to analyze a setup.

Elevating privileges by assigning critical authorizations and impersonating legitimate users are common approaches by adversaries. You'll learn which logs and traces for user access and authorization changes are available in an SAP system and how you can access them to identify relevant events.

Restricting the assignment of remote execution authorization on a user level is essential to implement the least privilege principle. To minimize this attack surface, you'll learn the best practices to revoke too widely given remote execution authorization by considering business continuity impacts and set up a monitoring and continuous improvement process.

Like with all programming languages, ABAP based applications can contain security flaws. Because of different programming paradigms, frameworks, and runtimes for ABAP, the exploitability of a flaw and security code measures can vary. You'll learn to identify HANA stored procedure vulnerabilities in their different ABAP code variations and what threats they can pose to the SAP system.

Like with all programming languages, ABAP based applications can contain security flaws. Because of different programming paradigms, frameworks, and runtimes for ABAP, the exploitability of a flaw and security code measures can vary. You'll learn to identify code flaws due to missing or erroneous control flow that can allow privilege escalation and what threats they can pose to the SAP system.