SAP® Security Audit and SAP® Penetration Testing
94% of all akquinet penetration tests successful
In the course of our IT vulnerability scans, our testers carry out penetration tests. At 94% of the businesses tested, we were able to gain access to the local system within an average of less than one hour. In 83% of the cases we were able, starting from the tested system, to penetrate further SAP® systems without the monitoring tools in use detecting the intrusion.
Detecting Issues that are Critical to Security
The goal of our SAP system security audit is to detect issues in the technical protection of existing SAP systems at the following levels: operating system, database, and network access. In particular, it analyzes whether third parties without user IDs can log on to the system and whether internal users whose user IDs have low authorizations can escalate their privileges.
Our SAP® security checks take place on two levels.
Level 1: Manual SAP® Penetration Testing
During the penetration test (without previous knowledge), an akquinet auditor attempts to gain access to the system or exploit technical issues to call functions at the levels of the operating system, database, or the SAP® standard system. The goal of these penetration tests is to simulate an attack by internal attackers. These penetration tests are performed manually in the system.
Level 2: Tool-supported, systematic SAP® security audits
Our SAST GRC module SystemTrack guarantees systematic checking and detection of all check fields during the SAP® security audit (with complete previous knowledge). During the tests, which are performed by the akquinet auditors, all relevant SAP® system components (ABAP stack, Java stack, operating system, database) and the SAP® settings are analyzed.
This SAP® security audit contains comprehensive tests for the following areas:
- Access control to the system,
- Testing the security at the operating system level and database level,
- Check for standard users and passwords (detail), check for parameters and settings,
- Check for Internet configuration and cryptography settings,
- Executing a penetration test from the intranet, including checking the SAP J2EE stack
Among other things, we have executed SAP® security audits and penetration tests for the following systems:
- SAP ERP,
- SAP XI,
- SAP Portal,
- SAP Mobile Platform,
- SAP Gateway,
- Web applications (SAP and non-SAP)
Advantages of our SAP® security audits and our SAP penetration testing:
- Transparency about all critical security holes in your SAP system
- Suggestions for improving system security and data protection
- Reusable concepts for future SAP implementations
Free audit license for our certified security tool
The systematic checks are executed using our certified SAP security tool SAST. An audit license is provided free of charge during the check.
Identify future attacks in real time with our new module SAP SIEM Tool.