A Crash Course On SAP-Specific Cyber Attacks And How To Defend Against Them.

Live Online Training
Fundamentals of Attacking and Defending SAP Systems presented by Vixcer Inc. 

A great course for security professionals who want to increase their SAP security skills, this live online training provides the most up-to-date information on SAP specific attacks and walks you through the best way to implement protection activities. In four, four-hour sessions, you will learn how to perform vulnerability assessments, audits, and penetration tests on your own unique SAP platform. Structured to be hands-on, security topics are broken down into bite sized concepts with interactive exercises, and demonstrations that make learning directly applicable and easier to recall later. After course completion you will be well equipped with the knowledge you need to understand the critical risks your SAP platform may be facing now, pro-actively assess them, and more importantly, confidently apply best-practices to effectively mitigate them.
Duration

16 hours

Live instructor

Learners

Maximum 14

Access and Infrastructure

Certification

 Certificate Upon Completion

Price

1,600 € per learner

Who’s a Good Fit

 SAP Basis Administrator

 SAP Security Consultant

 Penetration Tester or Red Teamer

 Application Security Expert

 Blue Teamer

 IT Security Auditor

A Taste of What You Will Learn:

  • You will learn about the basis components, security concepts, and architecture for SAP systems and why safeguarding them requires special consideration
  • Reasons why common security approaches fall short or do not work when it comes to securing applications. 
  • You will learn to identify common vulnerabilities caused by insufficient hardening of a vanilla SAP installation and how they can be used to compromise a system completely.
  • You will learn the security traits of different SAP proprietary remote protocols and how attacker can leverage them for lateral movement and exploitation.
  • You will learn how to identify and proof the exploit-ability of vulnerabilities without causing business disruption to implement a safe approach to assess the security state of your SAP environment
  • You will gain knowledge on different tools and options that effectively help  defend SAP system against the most common attacks. As well as adversarial techniques for putting SAP-specific and agnostic protective measures in place.

Course Information

Overview
Who's a Good Fit
Prerequisites
Practice Environment Tools

SAP Operations

  • SAP Basis Administrator

  • SAP Security Consultant

IT Security

  • Penetration Tester or Red Teamer

  • Application Security Expert

  • Blue Teamer

  • IT Security Auditor



NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role Title Work Role ID
(SAP) Secure Software Assessor SP-DEV-002
SAP Security Architect  SP-ARC-002
SAP Security Control Assessor SP-RSK-002
SAP System Administrator OM-ADM-001
SAP Cyber Defense Analyst PR-CDA-001

Who Else Might Be A Good Fit

  • If you have a traditional background in SAP operations and database administration and want to get into cybersecurity this course is a great fit to help you expand your existing skills with a security point of view.

          Mandatory:

  • General knowledge about Linux and Unix operations

Recommended:

  • Familiarity of working with command line applications and Unix shells.

Helpful:

  • Fundamental knowledge about SAP core technologies such as NetWeaver and HANA

  • Fundamental knowledge about proprietary SAP protocols such as RFC.












For this course you will use a lab environment hosted by us to practice. The lab provides access to an SAP S/4HANA© landscape consisting of two stages and a SAP NetWeaver© Java application server. You can access to environment by a virtual desktop system with all necessary tools preinstalled.

In addition you will need:

HTML 5 ready Browser preferably Edge, Chrome, Firefox

(Optional) Zoom client





SAP Security Training Overview

Number of Modules: 16
Duration: 4 half days, 16 hours total, (13:00 - 17:00 CET)
Class size: 7-14 participants per class
Investment: 1,600 EUR per person taxes excluded
Software Version: Unrestricted
Instructor: Jordan Santarsieri

Modules Covered in Training:
  • Introduction into SAP, SAP solution architecture and networking capabilities.   
  • Overview on operating systems and SAP systems database technology.   
  • Introduction into SAP S/4HANA© from a security perspective.   
  • Overview of SAP user account security traits.  
  • Attacks scenarios for password-based authentication.   
  • Overview of different SAP software components and service and protocols from a security point of view.  
  • Introduction into the SAP system web application security. 
  • Overview of SAP technology audit trails and security event sources.

*NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST , and SAP recommendations.