Leading SAP AG partner in discovering and solving security vulnerabilities                                 Request DEMO             
ERPScan Security Scanner for SAP logo

Invest in security to secure your investments

ERPScan Security Scanner for SAP is an  innovative product for continuous monitoring, standard compliance and vulnerability assessment of SAP platform. The system enables conducting complex security assessments while scanning SAP servers for software vulnerabilities, misconfigurations, segregation of duties (SOD), ABAP source code issues and backdoors and performs assessments for compliance to current standards and best practices including SAP best practices.

If you are a CSO in a large company and you simply have to be aware of the current security of your critical systems under SAP control or you are a SAP security expert, your company has dozens of servers and thousands of workstations and you lack the time for constant vulnerability assessment of these systems, there is an answer — ERPScan Security Scanner for SAP.

The current version has the following functions


Configuration analysis
  • Authentication;
  • Access control (SOD);
  • Encryption;
  • Monitoring;
  • Insecure configuration.
Vulnerability assessment
  • The latest version components;
  • Publicly known vulnerabilities;
  • Effectiveness of security tools (IDS/WAF/Proxy);
  • 0-day vulnerabilities;
  • ABAP source code vulnerabilities.
Standard compliance
  • SAP best practices;
  • ISACA assessment procedures.
Risk assessment
  • Risk estimation based on expert assessment of criticality and privacy;
  • Ability to accept a risk with the reference to the documented countermeasures.


ERPScan Security Scanner for SAP

ERPScan Security Scanner for SAP is an easily deployable and network-integrated scanner that provides checks of the basic SAP security configuration within 5 minutes and a few clicks.

At the same time it is a powerful, customizable enterprise solution outfitted with a large number of advanced settings and support of multi-user operation. The ERPScan enables creating special scan profiles for various systems and the grouping of systems by any category (for example, by the type of system or its location), and scheduling of scans. This enables easy management of SAP system security from a single point.

ERP systems are the core of every enterprise. They contain all of the critical business processes running inside from purchasing, payment and shipping, human resource management, production, and financial planning. All the data stored in ERP systems is of a paramount importance, and any illegal access can lead to huge losses or even business shutdown. In order to protect your business we strongly suggest an automated system to assess component security.

Myth: ERP Security Is A SOD Matrix

The wide-spread myth that ERP security is a SOD matrix has been dispelled. Within the last 3 years SAP security experts have spoken a great deal about various attacks on SAP from RFC interface, SAPROUTER, SAP WEB, and SAP GUI client workstations. A number of hack tools were released that proved the possibility of SAP attacks. According to statistics of vulnerabilities found in business applications there were more than 100 vulnerabilities patched in SAP products within 2009, while it grew to more than 500 within 2010. Most of these vulnerabilities allow an unauthorized user to gain access to all the critical business data and enterprises and simply require automated software to reveal this problem and many others in SAP systems.
 
We devote attention to the requirements of our customers and prospects, and are constantly improving our product. If you find that our scanner lacks a particular function, feel free to e-mail us or give us a call. We will be happy to consider your suggestions for the next releases or monthly updates.