Learn to Catch Security Vulnerabilities on the SAP Business Technology Platform (BTP) Before They Go Live

Open Training Session
Fundamentals of Designing Access Controls & Authentication Flows in SAP BTP Cloud Foundry presented by nullFaktor  

This online classroom training brings SAP Administrators together with Identity & Access Management experts. We teach you to teach them how to effectively design access controls and implement authentication features aligned with business demands and security objectives for SAP BTP Cloud Foundry Apps. In two half-day sessions your organization will gain the competencies needed to reduce access risk. Live, SAP security experts will show you how to manage access to your Cloud Foundry App and SAP back-end systems by working with SAP AppRouter configuration, using the SAP Identity Authentication Service (IAS), and integrating external identity provider services and different authentication protocols. This training is hands-on and interactive, packed with useful exercises, demonstrations, and question rounds to help you recall and apply what you’ve learned.
Cost

€ 1,000
per learner

Learners

Maximum 14 Learners

Duration

12 hours

Certification

 Certificate Upon Completion

Start Date

18 September 2023

Who’s a Good Fit

  • SAP Business Technology Platform Developer
  • SAP Business Technology Platform Administrators
  • Cloud Identity and Access Management Consultants
  • IT Security Auditors

A Taste of What You Will Learn:

  • You will learn the security traits of SAP BTP, its associated threats, and which protective measures to put in place for your organization
  • Take a journey through the different authentication and authorization protocols such as SAML and OAuth available in SAP BTP and learn about their unique traits for your use cases
  • Learn how you can integrate and use different authentication and identity providers with SAP BTP and what options you can leverage for risk-based access scenarios
  • Gain practical experience on how to test and troubleshoot authentication and access control configurations, including client-side analysis and interpretation of traces, to verify access against the principle of least privilege and to fix errors promptly
  • Find out how you can forward app user identities to an SAP backend system using principal propagation with SAP Cloud Connector as a common integration scenario for processing transactions from SAP BTP to your SAP core applications
  • Reduce access risk of your SAP BTP and set up secure authentication in scenarios with federated identities and hybrid scenarios connecting to SAP ERP systems

Course Information


SAP Operations

  • SAP Business Technology Platform Developer
  • SAP Business Technology Platform Administrators

Audit

  • Cloud Identity and Access Management Consultants
  • IT Security Auditors

Who Else Might Be A Good Fit

Anyone with a traditional SAP ABAP© system user administration and authorization background who needs to translate that experience to SAP Cloud Foundry and enhance their capability to manage identities and access in cloud and hybrid scenarios.

NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role Title                              Work Role ID
SAP Security Control Assessor                SP-RSK-002
SAP Information System Security Developer    SP-SYS-001

SAP Security Training Overview

Number of Modules: 10
Duration: 2 half-days, 12 hours total (9:30 - 15:30 CET)
Class size: 7-14 participants per class
Investment: €1,000 per person (excluding taxes)
Software Version: Unrestricted
Instructors: 
Modules Covered in Training:
  • Fundamental Threats to PaaS Cloud Applications
  • Overview of Protective Capabilities in Cloud Foundry on SAP Business Technology Platform
  • Overview of SAP BTP Authentication and Authorisation protocols
  • Introduction to Hybrid Environment Authentication Scenarios SAP BTP
  • Introduction to SAP BTP Identity Authentication Service
  • Introduction to the SAP BTP Identity & Authentication Provider Integration Options
  • Fundamentals of managing federated identities
  • Overview of the SAP BTP Authorisation Concept
  • Introduction of managing SAP BTP Authorisations
  • Fundamentals of Testing SAP BTP Authorisations
*NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST, and SAP recommendations.

Mandatory:

  • The general properties of the HTTP protocol.
  • The meaning of the fundamental terms of identity and access management, including identity, subject, object
  • The fundamental principles like need-to-know, least privilege, privilege bracketing and concepts of access management like Biba, Clark-Wilson, Bell-LaPadula, Chinese Wall
  • The general approaches of information security classification by the CIA triad

Recommended:

  • The fundamental concepts of Cloud Foundry applications
  • The general usage scenarios and concepts of the SAP BTP
  • The general concepts and tools to design application access in SAP BTP
  • Basic knowledge on the SAP Business Technology Platform

Helpful:

  • Navigate the SAP BTP administration interface
  • Describe the concept of principal propagation
  • Use command line tools by applying POSIX syntax and read simple BASH or Windows command scripts

Technical Prerequisites 


Standard

For BTP courses you will get access to an SAP BTP account administration console provided by us. This requires an SAP support user ID to be related to your email address and a lab environment consisting of an Identity Provider, SAP Cloud Connector and S/4HANA© system.

In addition you will need:

  • The Cloud Foundry CLI utilities
  • An HTML5-ready browser, preferably Edge, Chrome or Firefox
  • (Optional) Zoom