A Comprehensive Leap into the Security Traits of Critical SAP Systems
for Security Professionals

Live Online Training
Fundamentals of Assessing Security Controls and the Security Posture of SAP Systems

Finally, a course to demystify SAP for security professionals! In this Live Online Training, penetration testers and application security experts take a deep dive into the security traits of SAP technology and the organizations and processes running them in boot camp style. After an extensive four-day training, you can organize, plan and conduct assessments on critical SAP business applications in a gray-box approach resulting in a comprehensive description of the security posture of an SAP system. You will learn how to perform vulnerability assessments, code security reviews, access audits, penetration tests, and red-team engagements in an SAP landscape by providing crystal-clear findings and recommendations SAP organizations can relate to. This training is hands-on, structured with a mix of exercises, demonstrations and coaching. New knowledge and skills become directly applicable and easier to recall later. Access to a practice lab along with a ready-to-use set of SAP-specific and agnostic assessment tools provides you with a boilerplate for your future tool chain and SAP security intelligence sources.
Duration

36 hours

Live instructor:

Learners

Maximum 14 Learners

Language Options

English or German

Certification

 Certificate Upon Completion

Price

€ 3,200
per learner

Who’s a Good Fit

  • Penetration Tester or Red Teamer
  • Application Security Expert
  • Blue Teamer
  • IT Security Auditor

A Taste of What You Will Learn:

  • Learn how to conduct a comprehensive reconnaissance for SAP software installations on the internet or in a corporate network environment to identify targets and understand network protection measures
  • Understand common security issues related to the typical use of SAP business software applications to create more specific and practical advice to remediate or mitigate identified vulnerabilities
  • Identify common vulnerabilities caused by insufficient hardening of SAP system components or their interaction and how they can be used to compromise a system completely
  • Learn the security traits of some SAP proprietary remote protocols and how an attacker can leverage them for lateral movement and exploitation
  • Take a journey through the typical roles in an SAP IT department to understand their security responsibilities and conflicts of interest to ask the right stakeholders about information or support required for an assessment or to exploit the organization's processes and traits like attackers do
  • Gain practical experience to identify and prove the exploitability of vulnerabilities without causing business disruption to implement a safe approach to assess the security state of your SAP environment
  • Understand the different options on how to defend an SAP system against the most common attacks and adversarial techniques by putting SAP-specific and agnostic protective measures in place

Course Information


Audit Line of Defense

  • Penetration Tester or Red Teamer
  • Application Security Expert
  • Blue Teamer
  • IT Security Auditor

Who Else Might Be A Good Fit

If you have a traditional background in SAP operations and database administration and want to get into cybersecurity, this course is a great fit to help you expand your existing skills with a security point of view.

NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role Title | Work Role ID
(SAP) Secure Software Assessor | SP-DEV-002
SAP Security Control Assessor | SP-RSK-002

Mandatory:

  • Good knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defence-in-depth)
  • General understanding of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA])
  • General knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model)
  • Good understanding of penetration testing principles, tools, and techniques
  • Common understanding of common security controls related to the use, processing, storage, and transmission
  • Good understanding of typical Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
  • Familiarity with working with command line applications and Unix shells

Recommended:

  • You can conduct vulnerability scans and can recognize vulnerabilities in security systems
  • Familiarity with applying confidentiality, integrity, and availability principles
  • Good understanding of how to discern the protection needs (i.e., security controls) of information systems and networks
  • Familiarity with conducting application vulnerability assessments
  • Ability to interpret vulnerability scanner results to identify vulnerabilities

Helpful:

  • Fundamental knowledge about how to determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
  • You know how to perform a target system analysis
  • General understanding of the meaning and use of critical SAP applications

SAP Security Training Overview

Number of Modules: 32
Duration: 4 full days, 36 hours total (8:00 - 17:00 CET)
Class size: 7-14 participants per class
Investment: €3,200 per person (excluding taxes)
Software Version: Unrestricted
Instructor: 
Days Covered in Online Class
  • Fundamentals for Cybersecurity Professionals
  • Overview of the Security Systems in SAP solutions
  • Common Security Flaws of SAP applications and systems
  • Common Security Flaws of an SAP System Landscape and Operations
*NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST, and SAP recommendations.

Standard:

For this course you will use a lab environment hosted by us to practice. The lab provides access to an SAP S/4HANA© landscape consisting of two stages and an SAP NetWeaver© Java application server. You can access the environment through a virtual desktop system with all necessary tools pre-installed.

In addition you will need:

HTML5-ready browser, preferably Edge, Chrome, or Firefox
(Optional) Zoom client