Sap pi training material pdf forward this error screen to 192. I decided to start a new series of articles, “SAP Security for beginners”. Everyone who is already into security, but wants to know more about SAP Security in particular, and doesn’t know where to start will benefit from these posts.
The series of articles will provide a systematic immersion in SAP Security for those who take their first steps in this amazing adventure. Security engineers, administrators, security consultants, penetration testers, researchers, CISOs, CIOs, and even SAP basis team will benefit from article. Let me introduce myself and my story of growing from security researcher, pentester, and consultant to SAP Security expert. I hope it may help you in your way of becoming a professional in this area too. SAP and Oracle’s business applications from attacks and insider frauds.
It was almost 10 years ago when I met the SAP Security issue for the first time. I was an intern pentester at a consulting company. SAP Security area except some articles covering Segregation of Duties and access control. Thus, all that was possible to find was some information about how to configure a user account to prevent executing two critical actions such as create payment order and then approve it. However, methods that an attacker can get access to SAP without any rights and how to analyze whether any vulnerabilities exist in the system were missing. There wasn’t any information about vulnerabilities except a couple of buffer overflows, without any examples of working exploits.
I decided to explore this system by myself. Surprisingly, it took me 15 minutes to find a 0-day vulnerability in the system and I obtained full access to SAP. When we presented managers of the company our findings, they were shocked that we could break into such crucial system, that it was quite easy to do and that the system stored all mission-critical data of their company. After that, I realized that SAP system was crucial for every company and, surprisingly, nobody cared about its security, so I decided that I definitely should learn more about ERP systems. A completely new world of Business applications, totally unknown for most of the security experts opened to me.