Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

Tweet

SAP Penetration
testing

Why do you need an SAP pentest?

Interest in SAP security is growing exponentially and the numerous attacks play a significant role in driving this interest. Take, for example, recent breaches revealed in SAP system of a government contractor USIS.

Analysts from different firms such as Gartner, IDC, KuppingerCole and Quocirca agree on significant importance of SAP security tests and lack of this functionality in traditional tools.

But are you prepared for the changes and do you have competent experts to address SAP pentest? SAP penetration testing is a time consuming process that requires sufficient resources and specific knowledge.

Since there are complex systems to operate coupled with an array of different installation types, the need for different divisions of security specialists is urgent.

Even the application server may be based on either ABAP, J2EE, HANA or other platforms. Not to mention that there are particular applications and modules, which total more than 50.

In-depth assessments of databases and applications such as ERP systems (for example SAP or Oracle), especially, are not widely supported in traditional VA solutions, which focus on devices.

Gartner’s Market Guide
for Vulnerability Assessment 2014.

How can we help with SAP Pentest?

SAP Penetration testing is an excellent way to simulate actions attackers will easily perform to gain access to critical SAP data or check reliability of implemented security measures.

Penetration tests are made to reveal system breaches that most attackers rely on to get access to business-critical data or even use it for espionage, fraud or sabotage purposes.

Our penetration testers have gained a lot of experience as their focus for the last 5 years was SAP and enterprise business application security. Before that they were engaged in different areas of application security from mobile and web to IOT and SCADA security.

SAP Security testing is intended for you if you understand the importance of improving SAP solutions’ security and want to demonstrate this need to the management by hiring 3rd party experts. You will also significantly benefit from this service if you want to make sure that your security control measures were implemented effectively.

What we do while pentesting your SAP system?

  • Identify of most critical vulnerabilities by blackbox scan;
  • Exploit revealed vulnerabilities;
  • Gain access to connected systems via RFC links and other trusted connections;
  • Decrypt user passwords and test them on other systems;
  • Post–exploit and gather information to break connected systems;
  • Gain access to business-critical data;

Upon completion you will be issued a report containing:

  • List of Vulnerabilities and Misconfigurations found;
  • Real attack vectors describing how your systems can be exploited;
  • Business Risks related to the exploitation of those vulnerabilities;
  • Detailed recommendations for Vulnerability Patching;
  • Security Guidelines for General System Configuration;

Why ERPScan?

Experience is the best warranty for high-quality services. Our employees have gained a lot of experience in information security assessment and enterprise application security while working with some of the world's largest organizations.

1

Genuine professionals & researchers

Those in search of unmatched services rendered by genuine professionals who conduct daily security research in SAP solutions and those responsible for security assessment for SAP SE. Those interested in employing thorough professionals to protect your systems from lurking threats can benefit from our services. Rest assured you've chosen the right company to help you with all of your SAP security issues.

2

Team of experts known worldwide

In over 60 conferences held worldwide ERPScan Research experts were also proud to lecture about new attacks and defense in 60+ conferences worldwide. We've earned success and guarantee you the same in your business.

Testimonials:

"We would like to thank the world-class security experts of ERPScan for the highly qualified job performed to help us assess the security of our pre-release products."

Senior Director, Product Security, Technology and Innovation Platform
SAP Labs, Paolo Alto, USA

"GDF Selected ERPScan Security Monitoring Suite for SAP to identify, analyze and respond to SAP Security issues including vulnerabilities, core security issues and SOD violations, this solution was the only one to cover all listed areas, correlate results and help in remediation by providing even automatic correction when possible. Among Advantages of ERPScan we can name : industry specific checks for Energy sector including compliance to NERC CIP regulations, It analyses big data and provide semi-automatic remediation and Constant development powered by team of experienced IT Security experts."

GDF SUEZ Energia Polska S.A, is one of the biggest energy manufacturer in Poland

"ERPScan has become well known as a specialist in security research in ERP systems, not infrequently turning up flaws in systems from SAP and Oracle."

John Leyden, The Register

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

*

*

*

*

Select your country:

*

 Subscribe me to your mailing list