A Comprehensive Leap into the Security Traits of Critical SAP Systems for Security Professionals
Fundamentals of Assessing Security Controls and the Security Posture of SAP Systems
Finally, a course to demystify SAP for security professionals! In this live online training, penetration testers and application security experts take a deep dive into the security traits of SAP technology and the organizations and processes running them in boot camp style. After an extensive four-day training, you can organize, plan and conduct assessments on critical SAP business applications in a gray-box approach resulting in a comprehensive description of the security posture of an SAP system. You will learn how to perform vulnerability assessments, code security reviews, access audits, penetration tests, and red-team engagements in an SAP landscape by providing crystal-clear findings and recommendations SAP organizations can relate to. This training is hands-on, structured with a mix of exercises, demonstrations and coaching. New knowledge and skills become directly applicable and easier to recall later. Access to a practice lab along with a ready-to-use set of SAP-specific and agnostic assessment tools provides you with a boilerplate for your future tool chain and SAP security intelligence sources.
A Taste of What You Will Learn:
Learn how to conduct a comprehensive reconnaissance for SAP software installations on the internet or in a corporate network environment to identify targets and understand network protection measures
Understand common security issues related to the typical use of SAP business software applications to create more specific and practical advice to remediate or mitigate identified vulnerabilities
Identify common vulnerabilities caused by insufficient hardening of SAP system components or their interaction and how they can be used to compromise a system completely
Learn the security traits of some SAP proprietary remote protocols and how an attacker can leverage them for lateral movement and exploitation
Take a journey through the typical roles in an SAP IT department to understand their security responsibilities and conflicts of interest to ask the right stakeholders about information or support required for an assessment or to exploit the organization's processes and traits like attackers do
Gain practical experience to identify and proof the exploit-ability of vulnerabilities without causing business disruption to implement a safe approach to assess the security state of your SAP environment
Understand the different options on how to defend an SAP system against the most common attacks and adversarial techniques by putting SAP-specific and agnostic protective measures in place
Audit Line of Defense
- Penetration Tester or Red Teamer
- Application Security Expert
- Blue Teamer
- IT Security Auditor
Who Else Might Be A Good Fit
If you have a traditional background in SAP operations and database administration and want to get into cybersecurity this course is a great fit to help you expand your existing skills with a security point of view.
NIST/NICE Cybersecurity Workforce Framework Work Roles
|Work Role Title||Work Role ID|
|(SAP) Secure Software Assessor
|SAP Security Control Assessor
- Good knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defence-in-depth)
- General understanding of Security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA])
- General knowledge of Security models (e.g., Bell-LaPadula model, Biba integrity model, Clark- Wilson integrity model).
- Good understanding of Penetration testing principles, tools, and techniques
- Common understanding of common security controls related to the use, processing, storage, and transmission
- Good understanding of typical Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
- Familiarity of working with command line applications and Unix shells
- You can conduct vulnerability scans and can recognize vulnerabilities in security systems
- Familiarity with Apply confidentiality, integrity, and availability principles
- Good understanding how to discern the protection needs (i.e., security controls) of information systems and networks
- Familiarity with conducting application vulnerability assessments
- Ability to Interpret vulnerability scanner results to identify vulnerabilities
- Fundamental knowledge about how to determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
- You know how to perform a target system analysis.
- General understanding of the meaning and use of critical SAP applications
For more information, click here
SAP Security Training Overview
Days Covered in Online Class
Fundamentals for Cybersecurity Professionals
Overview of the Security Systems in SAP solutions
Common Security Flaws of SAP applications and systems
Common Security Flaws of an SAP System Landscape and Operations
*NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST , and SAP recommendations.
For this course you will use a lab environment hosted by us to practice. The lab provides access to an SAP S/4HANA© landscape consisting of two stages and a SAP NetWeaver© Java application server. You can access to environment by a virtual desktop system with all necessary tools pre-installed.
In Addition You Will Need:
HTML 5 ready Browser preferably Edge, Chrome, Firefox
(Optional) Zoom client
I am interested in learning more about purchasing multiple subscriptions!
Get in contact with our sales department and learn more about how you can save by purchasing multiple, annual subscriptions