Tuesday, July 13, 2010

TRAINING: SAP Security In-Depth

Year after year, ekoparty Security Conference presents the best and most improving trainings at a moderate cost. For the very first time, this edition will offer the best SAP security training of the moment!


SAP Security In-Depth

Have you ever wondered whether your business-critical SAP implementation is secure? Do you know how to check it? Have you imagined what the impact of an attack on your core business platform could be? Do you know how to prevent it? This training is the answer to these questions.

For many years, SAP security has been synonymous with "segregation of duties" or "securing roles and profiles". While this kind of security is mandatory and of absolute importance, there are many threats that have so far been overlooked and are even more dangerous, such as the possibility of taking remote control of the entire SAP landscape without having a user in any system.

This training will help you fill this knowledge gap, allowing you to understand the threats and risks involved and how to mitigate them. You will review the whole picture: from the security of the Environment and the SAP application-level gateways (SAProuter, Web Dispatcher), through the assessment and hardening of the Operating Systems and Databases and their interaction with the SAP systems, up to the security of the SAP Application Layer: Authentication, User security, Password Policies, Authorization subsystem, Interface Security, ABAP security concepts, Component Security, Backdoors, Auditing, Monitoring and more!

The training is organized around many hands-on exercises, which will help you grasp practical knowledge quickly. You will learn how to assess the security of an SAP implementation and then close the critical security gaps you discovered. You will also learn how to use different SAP security tools, as well as Onapsis Bizploit, the first open-source ERP Penetration Testing Framework.

The training also provides a quick introduction to basic SAP concepts, which allows non-SAP security professionals to follow the course smoothly.


Information Security Managers, Consultants and Auditors. SAP Administrators, Project Leaders and Consultants.

- Understand the basic security concepts in SAP systems.
- Learn the main risks that can affect the security of the platform.
- Learn how to perform a technical security assessment of SAP systems.
- Understand how to protect the systems from detected vulnerabilities, decreasing fraud risk.
- Use specific software to evaluate the security of an SAP system.
- Grasp practical knowledge through hands-on exercises.

Introduction to SAP
Onapsis Bizploit – The ERP Penetration Testing Framework
Security of the Environment
Secure Architecture
SAP Application Level Gateways
The SAProuter
The SAP Web Dispatcher
Security of the OS & DB
Security of SAP on Windows environments
Security of SAP on UNIX environments
Security of SAP with MS SQL Server databases
Security of SAP with Oracle databases
Security of the SAP Application Layer
Authentication Mechanisms
User Security

Security of the SAP Application Layer
Password Policies
Authorization Concept
Interface Security
Securing the System Landscape
ABAP (In)Security
SAP Backdoors
Component and Application Security
SAP Internet Transaction Server (ITS)
SAP Internet Communication Manager (ICM)
SAP Management Console (MC)
SAP Secure Network Communications (SNC)
Secure Sockets Layer (SSL)
Monitoring and Auditing

- The training provides a quick introduction to basic SAP concepts, which allows non-SAP security professionals to follow the course smoothly.
- General knowledge of networking and security concepts is recommended.

TRAINER: Mariano Nuñez Di Croce
Mariano Nuñez Di Croce is the Director of Research and Development at Onapsis. Mariano has long experience as a Senior Security Consultant, mainly involved in security assessments and vulnerability research. He has discovered critical vulnerabilities in SAP, Microsoft, Oracle and IBM applications.

Mariano leads the SAP Security Team at Onapsis, where he works on hardening and assessing the security of critical SAP implementations in organizations worldwide. He is the author and developer of the first open-source SAP & ERP Penetration Testing Frameworks and has discovered more than 50 vulnerabilities in SAP applications. Mariano is also the lead author of the "SAP Security In-Depth" publication and a founding member of BIZEC, the Business Security community.

Mariano has been invited to give presentations and trainings at many international security conferences such as BlackHat USA/EU, HITB Dubai/EU, DeepSec, Sec-T, Hack.lu, Ekoparty and Seacure.it, as well as to host private trainings for Fortune-100 companies and defense contractors. Mariano has a degree in Computer Science Engineering from the UTN.

