Atos team receives custom training on SAP application security

About the Customer

Atos is a global leader in digital transformation with multiple delivery units worldwide. Aware of their customer’s security challenges, Atos provides various cybersecurity services in all areas of blue and red team activities.

The Challenge

Amongst the Atos customers, many use SAP solutions for their top critical business applications. Due to the emerging SAP threat landscape, more customers ask to perform offensive security assessments on their SAP environment. SAP technology and its specific security traits are nothing usual for cybersecurity professionals. However, understanding the environment is essential to delivering a risk-based and efficient security assessment. The team wanted to tackle the challenge to help their customers find the holes in their SAP defence and help them be fixed. But how do you navigate the sea at night when you don’t know the stars?

Our Strategy

SAP security is a big puzzle, and every environment consists of different pieces. Security professionals are experts in assessing the different pieces and their flaws. Understanding how they connect is important to find where a whole system can break. Therefore, it’s essential to teach the operating concepts and processes running SAP solutions in addition to the technology’s security traits. With Phillip’s help, we developed a curriculum based on an aligned learner profile. The team should get a 360-degree introduction to SAP application security, including security architecture, frameworks, terms and tools, remote services and protocols, access management and authorisations, and configuration and code vulnerabilities.

Our Solution

During an extensive four-day online training collaboratively held with our partner log2 (Holger Stumm), the learners were guided through a combination of lecturing and exercise parts with access to a lab environment, including an SAP S/4HANA© system and offensive tooling. A vital exchange was always ongoing in the collaborative learning room, including a competition – What’s the funniest meaning of SAP. Guess which one won!

“Time flew by in this relaxed learning atmosphere; I would have wanted to have more.”

Phillip Stark, Team Lead
Penetration Testing

Stay Informed With the Latest From NO MONKEY

Subscribe to NO MONKEY Updates to stay informed with the latest security tips, events, Open Trainings Session Calendar, Academy course offerings, Advisory services, and blog articles.