Skip links
RedRays - Your SAP Security Solution
Services

Practical SAP Security Training

Enhance Your SAP Security Skills

At RedRays, we specialize in SAP penetration testing, Hybrid SAP Penetration Testing and SAP vulnerability assessment. Now, we’re offering our expertise to you through comprehensive SAP Security training programs. Whether you prefer online or on-site learning, we have the perfect solution for your team.

Our Advanced SAP Security Training

Our flagship training is an intensive three-day program designed for security professionals looking to deepen their knowledge of SAP security. Here’s what you can expect:

  • Level: Intermediate/Advanced
  • Delivery: Available both online and on-site
  • Focus: Practical, hands-on exercises and real-world scenarios
				
						┌── 1. DAY 1
    │   ├── 1.1. What is SAP
    │   ├── 1.2. List of SAP systems
    │   ├── 1.3. Tools and Softwares
    │   ├── 1.4. SAP Ports and Services
    │   ├── 1.5. SAP Instance and Client
    │   ├── 1.6. OWASP common vulnerabilities
    │   ├── 1.7. SAP SOD
    │   ├── 1.8. How to work with SAP
    │   ├── 1.9. SAP ABAP Architecture (rfc, profile parameters)
    │   ├── 1.10. SAP GUI
    │   ├── 1.11. Critical T-codes and functions
    │   ├── 1.12. AS JAVA Architecture
    │   ├── 1.13. Connect to SAP NW AS JAVA
    │   ├── 1.14. JAVA components (rmi, rfc)
    │   ├── 1.15. S/4HANA Architecture
    │   └── 1.16. How to work with S/4HANA
    ├── 2. DAY 2
    │   ├── 2.1. What is our threat model
    │   ├── 2.2. Vulnerability Assessment vs Penetration Testing vs Threat Modeling
    │   ├── 2.3. Analyzing potential attack vectors based on OWASP TOP 10
    │   ├── 2.4. ATTACK ON SAP AS ABAP
    │   │         ├── 2.4.1. Attack vectors and Defence Mechanism on Debug mode
    │   │         ├── 2.4.2. Attack vectors and Defence Mechanism on SAP_ALL
    │   │         ├── 2.4.3. Attack vectors and Defence Mechanism on Bruteforce passwords
    │   │         ├── 2.4.4. Attack vectors and Defence Mechanism on RFC
    │   │         ├── 2.4.5. Attack vectors and Defence Mechanism on RFC proxy
    │   │         ├── 2.4.6. Attack vectors and Defence Mechanism on Critical transactions
    │   │         ├── 2.4.7. Attack vectors and Defence Mechanism on SAP SSFS
    │   │         ├── 2.4.8. Attack vectors and Defence Mechanism on SAP OS system
    │   │         │   ├── 2.4.8.1. Privilege Escalation using OS issues
    │   │         │   ├── 2.4.8.2. Privilege Escalation using SAP process
    │   │         │   └── 2.4.8.3. Extract secrets using Wireshark
    │   │         ├── 2.4.9.  Attack vectors and Defence Mechanism on SAP Enqueue Server
    │   │         ├── 2.4.10. Attack vectors and Defence Mechanism on SAP Message Server
    │   │         └── 2.4.11. Proof of Concept for common fixed vulnerabilities
    │   ├── 2.5. ATTACK ON SAP AS JAVA
    │   │         ├── 2.5.1. Attack vectors and Defence Mechanism on SAP using Wireshark
    │   │         ├── 2.5.2. Attack vectors and Defence Mechanism on SAP using File upload
    │   │         ├── 2.5.3. Attack vectors and Defence Mechanism on SAP using Proxy
    │   │         ├── 2.5.4. Attack vectors and Defence Mechanism on SAP using Insecure Privilege
    │   │         ├── 2.5.5. Attack vectors and Defence Mechanism on SAP using RFC connections
    │   │         ├── 2.5.6. Attack vectors and Defence Mechanism on SAP using RMI/P4
    │   │         └── 2.5.7. Proof of Concept for common fixed vulnerabilities
    │   └── 2.6. ATTACK ON SAP CLOUD CONNECTOR 
    │             ├── 2.6.1. Attack vectors and Defence Mechanism on logs
    │             ├── 2.6.2. Attack vectors and Defence Mechanism on file execution (NTLM hijacking)
    │             └── 2.6.3. Attack vectors and Defence Mechanism on SAP Cloud Connector SSFS
    └── 3. DAY 3
        ├── 3.1. SAP PATCHES
        ├── 3.2. REVERSING SAP PATCHES FOR ABAP
        └── 3.3. REVERSING SAP PATCHES FOR JAVA

Training Highlights

  • Importance of SAP Security
  • Tools Utilization for SAP Security Assessment
  • Common SAP Software and Vulnerabilities
  • SAP Attack Vectors and Exploitation Techniques
  • Vulnerability Detection and Proof of Concept Development
  • SAP Cloud Connector Security
  • Remote Function Call (RFC) Exploitation
  • Privilege Escalation Techniques in SAP Systems
  • SAP Landscape Compromise Strategies
  • Segregation of Duties (SoD) in SAP Environments
  • SAP Authentication and Authorization Mechanisms
  • Analysis of SAP Ports and Services
  • Critical SAP Transaction Codes (T-codes) and Their Security Implications
  • Most Critical SAP Vulnerabilities and Mitigation Strategies

Why Choose RedRays for Your SAP Security Training?

  • Led by Vahagn Vardanyan, a recognized expert in enterprise application security
  • Hands-on exercises with real-world scenarios
  • Access to exclusive scripts and tools used by RedRays professionals
  • Flexible learning options: online or on-site training available
  • Small class sizes for personalized attention
  • Up-to-date content covering the latest SAP security threats and best practices
Customized Training Solutions

We understand that every organization has unique needs. That’s why we offer customized training programs tailored to your specific requirements. Whether you need to focus on particular SAP modules or address specific security concerns, we can design a program that meets your objectives.

Ready to Secure Your SAP Environment?

Empower your team with the knowledge and skills they need to protect your critical SAP systems. Contact us today to learn more about our training programs or to schedule a session for your organization.

Please enable JavaScript in your browser to complete this form.

Requester Details

Requester's Name
Location
Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN