SAP penetration testing focuses on actual threats. It is an essential part of SAP security audit activities. It helps analyzing SAP security by running public or private SAP exploits and using SAP configuration weaknesses for systems compromise.
Application scenarios include server installation of ESNC Software:
Server installation of ESNC Penetration Testing Suite
-
Regular assurance testing/pentesting SAP systems
-
Scan up to 100s of SAP systems for security vulnerabilities
-
Schedule scans / run on demand
The system landscape can be summarized as following:
Goal: No SAP system goes online without automated security testing of:
-
Gateway security (Secinfo/Reginfo configuration)
-
Default passwords
-
Critical ITS services