SAP Security Audit
The goal of the SAP system security audit is to reveal as many security vulnerabilities as possible in the SAP ERP application and the appropriate database. It is also possible to perform a security audit of J2EE, Portal, SAP Web AS or SAP PI module.
The test consists of many phases including:
- detection of default system users
- detection of existing clients in individual SAP instances
- security analysis of reports, tables, specific ABAP applications, ABAP dumps, joblogs, spool queries, rfc / snc destinations
- security analysis of the appropriate databases (Oracle, MSSQL and others)
- security audit of running instances, transport system, user/roles permissions and profiles