Securing SAP Systems - ESNC Software

SAP penetration testing focuses on actual threats. It is an essential part of SAP security audit activities. It helps analyzing SAP security by running public or private SAP exploits and using SAP configuration weaknesses for systems compromise.
Application scenarios include server installation of ESNC Software:

Server installation of ESNC Penetration Testing Suite

  • Regular assurance testing/pentesting SAP systems

  • Scan up to 100s of SAP systems for security vulnerabilities

  • Schedule scans / run on demand

The system landscape can be summarized as following:


Goal: No SAP system goes online without automated security testing of:

  • Gateway security (Secinfo/Reginfo configuration)

  • Default passwords

  • Critical ITS services