[This article was presented at CCC Annual Congress, Berlin, 2010] SAP Security and the Enterprise Ertunga Arsal SAP systems are the heart of many enterprises. Most critical business functions run on SAP Applications and the complexity of these systems makes it very difficult to protect against attackers. Default setups, forgotten/unimplemented security configurations, weak password management…
Proper authentication is the key to proper segregation of duties. Any compromised/easy to guess account can cause irrecoverable harm to companies. Enterprises which put a lot of effort in governance and compliance know that any mistake such as one default password forgotten in an overlooked client e.g client 066 or one weak password used by…
We support you by on-site SAP security reviews, where we focus both on insider threats and Internet based attack vectors. Based on the SAP security audit results; performance, and availability problems can be prevented before they affect critical operations. We provide technical assessment of your SAP infrastructure to help prevent the problems that can affect…
It is ideal to organize the SAP security training right after the SAP security audit or ABAP security review is completed. This way actual SAP security assessment results can be used during the SAP security workshops. This increase SAP security awareness. We provide two separate tracks for SAP security training: Track A: SAP System…
SAP ABAP security reviews and SAP Java custom code audit activities are helpful in determining various exploits in custom developed ABAP and Java applications. Answers to the questions such as “Can your users become ‘other’ users?”, “Are your credentials stored securely?”, “Can there be any security flaws in your ABAP or Java code, which can…
SAP BW systems have access to critical data. The security in this field mostly focuses on SAP BASIS security and specialized BW authorizations. We help our customers with SAP security audit services specialized on SAP BW systems. This includes security assessment of SAP Java stack and ABAP stack for BI systems. We audit the ICF/ITS…
SAP backdoors and SAP rootkits are the reality of today. Whether a disgruntled employee seeking revenge or a competitor who tries to obtain ‘competitive advantage’, we see more and more cases of backdoored SAP systems. We provide backdoor analysis services for mission critical production systems where we look for signs of tampering. Attackers use many…
SAP HR/HCM security is gaining more popularity because of the recent legal changes to handling of private information in Germany and in other countries. We offer SAP security audit services specialized on HR systems. Combined with an ABAP security analysis, we can detect most of the critical issues on customer SAP HR systems in a…
SAP CRM Security is becoming more and more important with the wide adoption of Internet facing applications. We help our customers with SAP security audit services specialized on SAP CRM systems. This includes security assessment of SAP Java stack and ABAP stack for CRM systems. We audit the ICF/ITS systems security, SAP Java AS security,…
SAP security can only be sustained with proper business processes and security governance. Many of our customers have more than a hundred SAP systems within their enterprise. Securing the complete SAP landscape is a much bigger challenge than focusing on a small number of individual SAP systems. We work together with our customers to develop…
What are the top 5 SAP security recommendations? SAP security is crucial. At ESNC, we have conducted numerous SAP security assessments to date. Based on our experiences with multiple large enterprise customers and financial organizations, we’d like to summarize our top 5 recommendations for having a secure SAP landscape in this knowledge base article. We…
ESNC provides SAP forensic analysis services for security incident response teams and for law enforcement. Whether it is an SAP system breach or a case of corporate fraud, the financial risks of economic crime can be immense. We help to investigate, analyze and resolve potential crises and provide forensic advisory services upfront to prevent them.…
SAP penetration testing focuses on actual threats. It is an essential part of SAP security audit activities. It helps analyzing SAP security by running public or private SAP exploits and using SAP configuration weaknesses for systems compromise. Application scenarios include server installation of ESNC Software: Server installation of ESNC Penetration Testing Suite Regular assurance testing/pentesting…
SAP GUI vulnerabilities are a critical part of SAP security and they should not be overlooked during SAP security audits and regular SAP scans. SAP GUI security affects the security of workstations that SAP users are using for connecting to their SAP systems. It can be attacked locally as well as remotely through the system using backwards…
Securing self developed ABAP programs, BSP pages, and DynPros is a difficult task for large organizations. Without the presence of automated tools, it is almost impossible to accomplish. We believe that in any system where development is done, secure software life-cycle models must be implemented, regular SAP security audits should be extended to include ABAP…
Assurance testing / SAP penetration testing is an important part of the security life-cycle. We are the first to offer an SAP penetration testing software for security professionals, internal audit teams, and for auditing companies, where no technical background is necessary for enhancing your SAP security audit results and checking whether an attacker can harm…
The ESNC provides the most comprehensive SAP security audit software to date. Analyzing many SAP systems for critical security issues is only a few clicks away. SAP security reviews can be completed much faster now. Our SAP security scanner analyzes all of your SAP application servers, their security configurations, SAP user authorizations and many other…
ESNC Security Intelligence middleware is an integral part of the Enterprise Threat Monitor. It is available as the SAP SIEM integration add-on. We leveraged our experience in years of SAP integration development to build a middleware for our partners to access critical SAP security event information. Best suitable for SIEM solution providers who want to include…
SAP Java AS security scan and ABAP remote exploit functionality improved
What is SAP Security Consulting? SAP security consultancy focuses on opening gaps, detecting SAP security vulnerabilities and providing recommendations for mitigation. How we help securing SAP systems SAP security consultants of ESNC help securing SAP applications of many Fortune 100 companies, banks, central banks and enterprise in major industries. We are the experts in SAP security.…
SAP security audits, SAP pentests, and ABAP code security reviews allow companies to react before a security incident takes place. While it is common practice to hire SAP security consultants for such SAP security assessments, the costs for covering the entire SAP landscape can be very high. We are proud to provide unique, easy-to-use, highly…
For our SAP competence center in Munich, we are looking for senior SAP security consultants with solid SAP security skills All positions require at least 50% travel both in Germany and in Europe. M/F Senior SAP Security Consultant (Ref: SN_CS) 5+ years of SAP Security Design, Implementation and Administration in a Global SAP Environment ECC…