Live Online Training
SAP Threat Modeling - Identify and Address Potential Security Risks Before They Become a Problem

SAP systems have unique characteristics and potential vulnerabilities that are distinctive to SAP technology. Learning to conduct threat modeling specifically for your landscape can significantly improve how you identify and prioritize threats and vulnerabilities and develop effective strategies to mitigate them. The course will help you better protect your organization from security incidents, reduce the impact of incidents that do occur, and meet compliance requirements. The group exercises are interactive, hands-on, and based on real-life examples, allowing participants to gain practical experience with SAP Security. The course covers modeling threats in a complex environment such as a hybrid SAP landscape consisting of SAP BTP applications, S/4HANA Solutions, or an on-premise SAP landscape consisting of legacy implementations. In addition, you will be immersed in the attacker’s and defender’s points of view. You will also gain insight into how potential attackers might approach your SAP system and what methods they might use to compromise it, and then develop effective defensive strategies and controls to improve protection. To ensure that your threat modeling is effective and comprehensive, we will also highlight “best practices” for SAP threat modeling.

Price

€ 400
per learner

Live instructor:

Learners

Maximum 14 Learners

Duration

4 hours

Certification

Certificate Upon Completion

Start Date

11 December 2023

Who’s a Good Fit

  • Application Administrators
  • Network Administrators
  • SAP Security Consultants
  • IT Security Auditor
  • SOC Specialists
  • Penetration Tester or Red Teamer
  • Security Architects
  • Application Security Experts

A Taste of What You Will Learn:

  • Understand the fundamental concepts of threat modeling

  • Recognize how threat modeling can help you prioritize mitigation techniques and defense mechanisms

  • Learn how to implement threat modeling for your organization or customers

  • Analyze how attackers and penetration testers can map out attack vectors through real-life exercises

  • Identify critical paths across your threat model
  • Utilize a structured approach to threat modeling, such as the STRIDE methodology, to consider all potential threats and vulnerabilities
  • Identify critical assets in your SAP system, such as sensitive data, important business processes, and critical infrastructure components, to prioritize threat modeling efforts
  • Learn both offensive and defensive techniques for SAP threat modeling
  • Improve stakeholder involvement from across the organization, including business units, IT, and security teams, in the threat modeling process for a comprehensive understanding of potential threats and vulnerabilities to your SAP system

Course Information

Who's a Good Fit

Operations

  • Application Administrators 
  • Network Administrators
  • SAP Security Consultants

IT Security

  • Application Security Experts
  • Security Architects
  • Penetration Tester or Red Teamer
  • SOC Specialists
  • IT Security Auditor

Who Else Might Be A Good Fit

If you have a traditional background in SAP operations and database administration and want to get into cybersecurity, this course is a great fit to help you expand your existing skills with a security point of view.

NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role Title | Work Role ID
SAP Cyber Defense Analyst | PR-CDA-001
Cyber Defense Infrastructure Support Specialist | PR-INF-001
Vulnerability Assessment Analyst | PR-VAM-001
Threat/Warning Analyst | AN-TWA-001
All-Source Analyst | AN-ASA-001
Cyber Operator | CO-OPS-001

Prerequisites

Mandatory:

  • A fundamental understanding of basic concepts of threat modeling

Recommended:

  • You can conduct vulnerability scans and can recognize vulnerabilities in security systems
  • Familiarity with applying confidentiality, integrity, and availability principles
  • Good understanding of how to discern the protection needs (i.e., security controls) of information systems and networks
  • Familiarity with conducting application vulnerability assessments
  • Ability to interpret vulnerability scanner results to identify vulnerabilities

Helpful:

  • A basic understanding of the STRIDE methodology
  • An understanding of the different types of threats that can affect each area of the STRIDE methodology
  • An understanding of the different mitigation techniques for each area within the STRIDE methodology

SAP Security Training Overview

Number of Modules: 4
Duration: 1 half-day, 4 hours total (9:00 - 13:00 CET)
Class size: 7-14 participants per class
Investment: €400 per person (excluding taxes)
Software Version: Unrestricted
Instructor:
Modules Covered in Online Class
  • Fundamentals of threat modeling
  • Overview of the different methodologies used for threat modeling
  • Introduction to the STRIDE methodology
  • Manual attack simulations and mitigation exercises

*NO MONKEY SAP Security training content is referenced against existing standards for application security such as OWASP, NIST, and SAP recommendations.

Practice Environment Tools

Standard:

In this course, you will get hands-on practice with the different concepts of threat modeling. You will be assigned to individual groups to work on exercises covering these concepts.

Optional:

To follow along with the different exercises, it is recommended that you have the latest version of OWASP Threat Dragon installed on your machine.

In addition, you will need:

  • An HTML5-ready browser, preferably Edge, Chrome, or Firefox
  • (Optional) Zoom client