Training agenda
- Operating System
- File System Security* Windows/Linux, Access Control, User concept
- Starting Applications from SAP
- Database
- Database access (SAP, external)
- DB hardening
- Network
- Firewall, Proxy servers
- SAP Web Dispatcher*, SAProuter*
- Hacking tools*
- Brute Force Attacks*
- RFC Gateway Hack*
- SAP
- User authentication and access control
- Access over the client barrier
- Identity Provisioning and Identity Federation with NetWeaver Identity Management
- SSO (logon tickets, SAML, SPNego, etc.)
- Authorisation*
- Switchable authorisation checks
- SAP NetWeaver AS Java
- SQL-Injection
- Automated penetration test*
- SAP Gateway Security*
- Misuse of RFC callback
- Identifying redundant Custom Coding (UPL)
- SAP Security Patching – Best Practice and Tools
- Communication Interfaces (RFC, http(s))*
- Encryption
- Security in transportation*
- Logging and trace option
- SAP Solution Manager, Agents and Wily Introscope Enterprise Manager
- Enhanced Security in Solution Manager 7.2
- New products, tools and transactions of SAP security-related news:
- Enterprise Threat Detection (ETD)
- Read Access Logging (RAL)
- Unified Connectivity (UCON) – introduction
- Authorisation maintenance based on UCON
- Defining different security policies for user groups (secpol)
- (*) will be simulated by the participant as attacker and defender with the help of the trainer