Fundamentals of Assessing Security Controls and the Security Posture of SAP Solutions/Systems

If you are a security tester or auditor, you need to assess the effectiveness of security controls and the overall security status of commonly used SAP business software applications and systems to identify common relevant security problems. This course will teach you the specific security traits and common security issues related to the typical use of SAP business software applications. You will gain the competence to create immediately applicable tactics to remediate or mitigate identified vulnerabilities.

Over four days you will be guided by live instructors through 28 different security modules. Each security subject is taught from both the attacker's and defender's perspective. Each topic is broken down into easy-to-understand bite-sized concepts that utilize different styles of learning and engagement. You'll get access to an SAP-explicit training environment to practice new skills. As a result of this training, you will have the fundamental knowledge and skills needed to assess the security controls and posture of the most relevant SAP software solutions and systems.

In this extensive course, over 4 days you will:

  • Assess the effectiveness of security controls and the overall security status of commonly used SAP business software applications and systems to identify common relevant security problems
  • Learn to identify and understand the specific security traits and common security issues related to the typical use of SAP business software applications resulting in the competence to create more specific and practical advice to remediate or mitigate identified vulnerabilities

Class Information

  • 32 hours, spread over four days, breaks included
  • 9 am - 5 pm CET
  • 7 - 14 people per class
  • Price: 700 EUR (taxes not included) per person
  • Access to an SAP training environment
  • Focus on applying methodology with games
  • Taught by security expert

Technical Prerequisites

Software Versions

Unrestricted

Who’s a Good Fit

  • SAP Security Control Assessors
  • SAP Security Software Assessors
  • Application Penetration Testers
  • IT Auditors
  • DevSecOps Engineers
  • Application Security Engineers

Prerequisites

Mandatory

  • Network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defence-in-depth)
  • Security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA])
  • Security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model)
  • Penetration testing principles, tools, and techniques
  • Controls related to the use, processing, storage, and transmission of data
  • Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

You Can

  • Conduct vulnerability scans and recognise vulnerabilities in security systems
  • Apply confidentiality, integrity, and availability principles
  • Determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
  • Discern the protection needs (i.e., security controls) of information systems and networks
  • Recognize and categorizing types of vulnerabilities and associated attacks
  • Manage test assets, test resources, and test personnel to ensure practical completion of test events. Conduct reviews of systems
  • Conduct application vulnerability assessments
  • Assess security systems designs
  • Interpret vulnerability scanner results to identify vulnerabilities
  • Manage knowledge, including technical documentation techniques (e.g., Wiki page)
  • Perform target system analysis

About the Instructor

Marco HammelCo-Founder and CTO, NO MONKEY
  • More than eight years in educating, advising, and securing people, processes, and SAP technology
  • With his experience as a software developer, the topic of code and software pipeline security is his main focus
  • CISSP certified cybersecurity expert with an SAP technology background

Reach out to us to book a training for you or your team!

Send us a message

Read Our Customer Success Story

"Let me first say that I had some previous contact with other SAP-related trainings, but this one was by far the best. One can clearly see that you are a knowledgeable trainer with a wide array of expertise, willing to sidetrack interesting topics as they arrive."

Alexander MeierTeam Lead SAP Security Services at SEC Consult

Read the Customer Success Story

Security is Culture!