SAP Security Audit

Why is SAP Auditing important?

It’s no secret that critical corporate data stored and processed in ERP systems is vulnerable to numerous types of attacks. The reasons are simple: these systems are extremely complex and highly customizable, and in many cases their owners rarely install security patches.

Furthermore, when it comes to ERP security, we should bear in mind that security measures are spread across three areas: segregation of duties, vulnerability management and source code scanning. Traditional security solutions, however, cover very few of the corresponding threats. As Gartner’s Market Guide for Vulnerability Assessment puts it: “In-depth assessments of databases and applications such as ERP systems (for example SAP or Oracle), especially, are not widely supported in traditional VA solutions, which focus on devices.”

To protect your system the right way, you first need to know what to protect it against. A comprehensive security assessment of your SAP systems will help you determine the major areas of focus for securing your most critical assets against cyber-attacks.

Why choose us for SAP Security Audit?

We are a team of highly competent experts who know how prone SAP systems are to attacks. We will perform a comprehensive assessment of your SAP systems, checking every security level: from landscape architecture, network configuration, OS hardening and database settings to the technical details of SAP component security. In addition, we will check custom ABAP and Java programs for vulnerabilities, missing authorization checks and backdoors using proven code security scanning technologies. Access control and segregation of duties issues are checked with respect to system, module and industry specifics.

This service will suit you if you’re looking for 360-degree coverage of your SAP landscape security, with critical aspects highlighted.

SAP Security audit checklist

Checks conducted during security assessment:

  • Security assessment of network, OS, DBMS related to SAP;
  • SAP vulnerability assessment;
  • Whitebox security configuration checks;
  • Critical access control checks;
  • SAP custom code security review (optional);
  • SAP segregation of duties analysis (optional).

SAP security audit report

Upon completion you will be issued a report containing:

  • List of identified vulnerabilities and misconfigurations;
  • List of users and roles in SoD conflicts (if the SoD security assessment is selected);
  • Descriptions of real attack vectors;
  • Descriptions of business risks related to potential exploitation of vulnerabilities;
  • SAP Security Audit guidelines for secure system configuration;
  • SAP Security checklist for further steps.

Why us?

Experience is the best warranty for high-quality services. Our employees have gained a lot of experience in information security assessment and enterprise application security while working with some of the world’s largest organizations.

It’s all about details

We perform over 10 000 security checks in total.

Not just the standard checks

We conduct checks that are specific to different systems such as CRM, SRM, BI, PLM and industry solutions.

We know industry specifics

ERPScan is possibly the only organization that provides comprehensive expertise in every SAP security area with respect to industry specifics.

We are researchers

The ERPScan research center participates in managing the EAS-SEC project, which is dedicated to enterprise application security analysis.



“We would like to thank the world-class security experts of ERPScan for the highly qualified job performed to help us assess the security of our pre-release products.” Senior Director, Product Security, Technology and Innovation Platform SAP Labs, Palo Alto, USA
