A Crash Course on SAP-Specific Cyber Attacks & how to
Defend Against Them

Open Training Session
Fundamentals of Attacking & Defending SAP Systems presented by Vicxer Inc. 

A great course for security professionals who want to increase their SAP security skills, this live online training provides the most up-to-date information on SAP specific attacks and walks you through the best way to implement protection activities. In two, four-hour sessions, you will learn how to perform vulnerability assessments, audits, and penetration tests on your own unique SAP platform. Structured to be hands-on, security topics are broken down into bite sized concepts with interactive exercises, and demonstrations that make learning directly applicable and easier to recall later. After course completion you will be well equipped with the knowledge you need to understand the critical risks your SAP platform may be facing now, pro-actively assess them, and more importantly, confidently apply best-practices to effectively mitigate them.
Cost

€ 800
per learner

Live instructor

Learners

Maximum 14
Learners

Duration

8 hours

Certification

 Certificate Upon Completion

Start Date

4 September 2023

Who’s a Good Fit

 SAP Basis Administrator
 SAP Security Consultant
 Penetration Tester or Red Teamer
 Application Security Expert
 Blue Teamer
 IT Security Auditor

A Taste of What You Will Learn:

  • You will learn about the basis components, security concepts, and architecture for SAP systems and why safeguarding them requires special consideration
  • Reasons why common security approaches fall short or do not work when it comes to securing applications
  • You will learn to identify common vulnerabilities caused by insufficient hardening of a vanilla SAP installation and how they can be used to compromise a system completely
  • You will learn the security traits of different SAP proprietary remote protocols and how attacker can leverage them for lateral movement and exploitation
  • You will learn how to identify and proof the exploit-ability of vulnerabilities without causing business disruption to implement a safe approach to assess the security state of your SAP environment
  • You will gain knowledge on different tools and options that effectively help  defend SAP system against the most common attacks. As well as adversarial techniques for putting SAP-specific and agnostic protective measures in place

Course Information

Overview
Who's a Good Fit
Prerequisites 
Practice Environment Tools

SAP Security Training Overview

Number of Modules: 8
Duration: 2 half days, 8 hours total, (13:00 - 17:00 CET)
Class size: 7-14 participants per class
Investment: €800 per person (excluding taxes)
Software Version: Unrestricted
Instructor: Jordan Santarsieri
Modules Covered in Training:
  • Introduction into SAP, SAP solution architecture and networking capabilities
  • Overview on operating systems and SAP systems database technology
  • Introduction into SAP S/4HANA© from a security perspective
  • Overview of SAP user account security traits
  • Attacks scenarios for password-based authentication
  • Overview of different SAP software components and service and protocols from a security point of view
  • Introduction into the SAP system web application security
  • Overview of SAP technology audit trails and security event sources
*NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST , and SAP recommendations.

Operations

  • SAP Basis Administrator
  • SAP Security Consultant

IT Security

  • Penetration Tester or Red Teamer
  • Application Security Expert
  • Blue Teamer
  • IT Security Auditor

Who Else Might Be A Good Fit

If you have a traditional background in SAP operations and database administration and want to get into cybersecurity this course is a great fit to help you expand your existing skills with a security point of view

NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role Title Work Role ID
(SAP) Secure Software Assessor SP-DEV-002
SAP Security Architect  SP-ARC-002
SAP Security Control Assessor SP-RSK-002
SAP System Administrator OM-ADM-001
SAP Cyber Defense Analyst PR-CDA-001

Mandatory:

  • General knowledge about Linux and Unix operations

Recommended:

  • Familiarity of working with command line applications and Unix shells

Helpful:

  • Fundamental knowledge about SAP core technologies such as NetWeaver and HANA
  • Fundamental knowledge about proprietary SAP protocols such as RFC

Technical Prerequisites 

For more information, click here

Standard:

For this course you will use a lab environment hosted by us to practice. The lab provides access to an SAP S/4HANA© landscape consisting of two stages. You get access to the environment by a virtual desktop system with all necessary tools preinstalled.

In addition you will need:

  • HTML 5 ready Browser preferably Edge, Chrome, Firefox
  • (Optional) Zoom client