NO MONKEY ADVISORY

The NO MONKEY Advisory provides a strategic security solution that combines industry standards and our methodologies to guide organizations in adopting a tailored SAP security strategy. We focus on incorporating SAP security into your current cybersecurity strategy. We do this by focusing on the four elements within our framework.

Services

Individual areas where we can help

  • SAP Penetration Testing

    To gain governance over vulnerabilities and their severity in an SAP application, a penetration test using a grey box approach provides an efficient way to determine and classify those vulnerabilities. As a result, activities to remediate vulnerabilities or mitigate the risk they expose can be conducted.

  • Code Security Review

    To gain transparency into the security of ABAP-based third-party or custom-implemented business applications and interfaces, a code security review can provide insight into code-based security flaws and into how well the code complies with the organization's code security standards and with common code security best practices for ABAP.

  • SAP Security Assessment

    A holistic approach identifies gaps and weaknesses throughout the different SAP control areas within the organization. Covering everything from governance controls such as change and configuration management to more technical assessments such as vulnerability assessments helps ensure that control areas are protected, implemented, and deployed as per the organization's requirements.

  • Core Business Application Security Workshop

    Throughout the workshop, representatives of the three lines of defense can describe their activities with regard to securing the organization's SAP core business applications against cyber security threats. Within the workshop, potential gaps and overlaps can be identified according to the core business application governance framework.

    Customers can scope the workshop to a specific project, a major change, or the security activities related to SAP in general. The workshop is prepared, moderated, and guided by the advisor, who will also act as a translator between the three lines of defense.

  • Network Security Infrastructure Concept Review

    To understand the security implications of the company's core business application network setup, with its requirements to connect cloud services, vendor support access, and different data center sites, a review of the network infrastructure concept of the core business applications is an efficient way to mitigate application security risks by minimizing the attack surface at the network level.

  • SAP SDLC Security Evaluation Review

    The security of the software delivery pipeline is crucial to the security of core business applications and is often ignored by audit; conducting a review can provide transparency on critical threats. Because SAP is very specific about the tools and approaches for development, integration, and deployment, the common tool chains of DevOps boilerplates and SSDLC (Secure Software Development Lifecycle) concepts can't be applied.

    This area determines gaps in the current SDLC setup and also provides ways to close them in consideration of the overall SSDLC or DevSecOps strategy, which in turn will improve the security culture in SAP customizing activities.