



Unfortunately, control over the security of critical objects where business data is processed is frequently left outside the scope of the CISO's authority, which weakens the security control that the most critical objects demand. This example explains why security is crucial, yet neglected. Security is most often neglected during project deployment, especially if the system owner is part of senior management and strict project deadlines have to be met. Needless to say, even when the need for SAP security measures is recognized, inadequate or missing resources and information about SAP systems often lead to misconfiguration issues.

SAP security assessment and monitoring is a completely different ballgame compared to other applications such as a mail server or a domain controller. It demands continuous attention if it is to function and protect information as the business expects. It is also inherently complex to secure and to keep secure, especially since it is highly customizable and has a list of parameters available even in a default configuration. The complexity is amplified by the fact that almost every new SAP vulnerability is traditionally solved by installing an additional option with its own set of parameters, which usually leads to new and complex relations between settings. These complicate pre-existing settings and their functions, often forcing SAP specialists to work through a long list of manuals to fix the configuration and get the system working.

Hence, the demand for SAP security specialists is huge and continues to grow. Regrettably, since the technical side of SAP security is immense, hiring the right candidate for the job is a difficult task. Jobs such as creating new accounts and handling segregation of duties can be managed, unlike user passwords, settings that are commonly left in their default state, or software vulnerabilities.


ERPScan allows for a complete 360° view of SAP system security. It resolves issues related to Vulnerability Management, Source Code Vulnerabilities and Backdoors, and Access Control along with Segregation of Duties. The idea is to create a tool that CISOs can use to control SAP landscapes and "translate" certain specific SAP problems from their default SAP language into a much more understandable Security language.


  • Automate routine work by identifying 7500+ misconfigurations and 3000+ vulnerabilities across all types of SAP Platforms (ABAP, JAVA, HANA, BOBJ, Mobile), Systems, and Industry solutions;
  • Manage risks, assign tasks, compare results, and analyze trends by using dashboards;
  • Share access to ERPScan console with other teams such as SAP Basis, Risk Management, or Penetration Testers;
  • Decrease education expenses by using the world's largest knowledge base compiled by information security professionals and SAP experts. It makes the security issues found, along with their remediation steps, easy to understand, so that even inexperienced SAP professionals can refer to them;
  • Comply with standards such as SOX, PCI-DSS, NERC CIP, SAP Security Guidelines and other SAP-specific recommendations;
  • Obtain in-depth analysis and prioritization for 3000+ SAP Security Notes;
  • Integrate ERPScan results with external systems like IT GRC, ITSM and SIEM solutions for easy central management;
  • Decrease integration costs through completely agentless technology that does not require configuring SAP.