IS Governance Security & Compliance team.

We can help you, if you need to reduce the Risk...

  • Aumentar fuente
  • Fuente predeterminada
  • Disminuir fuente
  • Error al cargar los datos feed.
  • Error al cargar los datos feed.
  • Error al cargar los datos feed.

Sap Security Analysis

E-mail Imprimir PDF

SAP Security is a highly complex framework for Enterprise Resource Planning (ERP). As one of the worlds largest and most commonly deployed ERP systems, SAP has undergone considerable transformation over time to become a core part of many businesses operations. Securing SAP requires more than a review of roles and profiles, its a complex exercise that calls for real experts with in-depth knowledge.

Nullcode team have been conducting SAP Security Testing since R/3 was still current. Weve watched SAP grow through ITS and NetWeaver into the modern platform it is today. Our consultants have extensive experience in SAP ABAP/4 and Java security, and are skilled in attacking across dialog, CPIC, and SAPs various web interfaces.

Nullcode Scope

Following an initial scoping meeting or call, we provide a fully scoped quote for your SAP Security Test. Depending on the maturity of your SAP solution this may take longer than scoping a normal penetration test, as considerable landscape detail is needed to scope accurately, and SAP deployments tend to have a large amount of stakeholder engagement that can sometimes (rightly) slow the process down.

Our consultants perform the work in accordance with the agreed scope. Once the test is complete, consultants produce a report with a high level executive summary, detailed technical section and appendices for any relevant observations requiring further detail.

Looking for

Default accounts across clients
Insecure RFCs with weak authorizations
Portal access control weaknesses
Remote command execution
SAPGUI Debug support enabled in production
Insecure ABAP/Java calls in custom code
Insufficient authorizations
Privilege escalation vulnerabilities
Weak infrastructure controls
Transport integrity weaknesses

Resultado de imagen para SAP SECURITY



Patching the System