Skip links
Services

SAP Security Training

SAP Through the Eyes of an Attacker

Online SAP Security Training by RedRays is a comprehensive program designed to empower both seasoned professionals and beginners with in-depth knowledge and hands-on skills to secure critical SAP ERP systems. The course covers the fundamental concepts of the SAP environment, including the architectures of SAP ABAP, SAP NetWeaver, SAP AS Java, and SAP Cloud Connector.

A special emphasis is placed on modern technologies such as SAP Fiori and S/4HANA. Participants will explore SAP Fiori's integration with OData and UI5, which delivers an intuitive, modern user interface that enhances the overall SAP experience. Additionally, the course delves into S/4HANA, the next-generation ERP platform built on the in-memory HANA database, highlighting its role in optimizing business processes and driving digital transformation.

Throughout the training, you will engage in real-world scenarios and hands-on labs covering threat analysis, vulnerability assessment, and attack mitigation techniques. Topics include RFC vulnerabilities, attacks on SAP NW Java, privilege escalation methods, and reverse engineering of SAP patches for both ABAP and JAVA environments. Each day features a 6-hour session followed by an interactive Q&A to ensure comprehensive understanding.

Agenda

Our meticulously structured two-day program balances theoretical knowledge with extensive hands-on exercises. The training is organized as a progressive journey through the SAP security landscape, covering all critical components and attack vectors that security professionals need to understand.

SAP Security Training Agenda

Day 1

VA/PT/TM/Tools

Fundamental methodologies for security assessment, including Vulnerability Assessment, Penetration Testing, and Threat Modeling specifically for SAP environments.

Attack on SAP S/4HANA

Exploring common and advanced vulnerabilities in SAP ECC, S/4HANA, Business Suite, and NetWeaver AS ABAP.

Vuln. Exploitation

Deep dive into vulnerability exploitation techniques specific to SAP systems, including RFC callback attacks and debug mode exploitation.

Enqueue/MS issues

Security issues with SAP Enqueue Server and Message Server components, including "phantom attacker" techniques to bypass SAP ABAP lock functionality.

Day 2

Attack on SAP NW Java

Critical vulnerabilities in the Java stack of SAP NetWeaver, including authentication bypasses, directory traversals, and Java deserialization attacks.

P4 exploitation

Techniques for exploiting vulnerabilities in SAP's proprietary P4 remote method invocation technology.

SAP Cloud Connector

Security issues in SAP Cloud Connector, which is used to securely connect cloud applications with on-premises systems.

Forensic Tricks

Essential forensic techniques for SAP environments, including 5 basic techniques to identify compromises and threats.

Instructor

Vahagn Vardanian

Led by Vahagn Vardanian – a recognized expert in SAP security with over a decade of experience and a track record of identifying more than 150 vulnerabilities – this course equips you with the practical expertise needed to protect your SAP landscape against sophisticated cyber threats.

Please enable JavaScript in your browser to complete this form.

Registrant Information

Registrant's Name

Course Information

Training Options
Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.