SAP NetWeaver Security Workshop

Today, attacks on SAP systems are a daily occurrence. You will face hackers with very good SAP knowledge, who use the smallest security holes to get access to enterprise data. This workshop will provide you with knowledge about these attacks, so you can be better prepared for the potential dangers in your own SAP system.

Retail Price: $4,495.00

Next Date: Request Date

Course Days: 5


Request a Date

Request Custom Course


Who Can Benefit

  • System Managers
  • System Administrators
  • Auditors
  • Technical Security Team Members

Prerequisites

  • ADM100
  • ADM960
  • Knowledge of security topics
  • Technical background (Web technology, SAP Basis) SAP System Administration

Course based on software release

  • SAP NetWeaver 7.02/ SAP NetWeaver 7.4

Content

Operating System

  • File System Security* Windows/Linux, Access Control, User concept
  • Starting Applications from SAP

Database

  • Database access (SAP, external)
  • DB hardening

Network

  • Firewall, Proxy servers
  • SAP Web Dispatcher*, SAProuter*
  • Hacking tools*
  • Brute Force Attacks*
  • RFC Gateway Hack*

SAP

  • User authentication and access control
  • Access over the client barrier
  • Identity Provisioning and Identity Federation with NetWeaver Identity Management
  • SSO (logon tickets, SAML, SPNego, etc.)
  • Authorisation*
  • Switchable authorisation checks
  • SAP NetWeaver AS Java
  • SQL-Injection
  • Automated penetration test*
  • SAP Gateway Security*
  • Misuse of RFC callback
  • Identifying redundant Custom Coding (UPL)
  • SAP Security Patching - Best Practise and Tools
  • Communication Interfaces (RFC, http(s))*
  • Encryption
  • Security in transportation*
  • Logging and trace option
  • SAP Solution Manager, Agents and Wily Introscope Enterprise Manager
  • Enhanced Security in Solution Manager 7.2

New products , tools and transactions of SAP security related news:

  • Enterprise Threat Detection (ETD)
  • Read Access Logging (RAL)
  • Unified Connectivity (UCON) - introduction
  • Authorisation maintenance based on UCON
  • Defining different security policies for user groups (secpol)

(*)will be simulated by the participant as attacker and defender with help of the trainer



Sorry! It looks like we haven’t updated our dates for the class you selected yet. There’s a quick way to find out. Contact us at 502.265.3057 or email info@training4it.com


Request a Date