HomeServicesSAPSAP Penetrating Testing

Onapsis Latest Publications

SAP Security In-Depth Vol.4

Read Case Study

Westinghouse Electric

Consulting Services

SAP Penetration Testing

“Would a malicious hacker or insider be able to break into my SAP platform and perform espionage, sabotage and fraud attacks to my business-critical information? How can I stop him?”

The SAP Penetration Testing service simulates the process performed by malicious hackers, in their attempt to access your SAP business platform to perform criminal activities like espionage, sabotage and fraud. These individuals can be malicious insiders or external intruders.

Our experts mimic the behavior of a potential attacker, identifying the target SAP systems in your network, detecting existing vulnerabilities and taking advantage of them to access the systems. Once in the systems, and counting with the customer’s authorization, our consultants produce proof-of-concepts (without any modification or service disruption of the systems) in order to illustrate the real impact of a security breach.

Key benefits:

  • Understand the real business impact of an information security breach in your core SAP business platform.
  • Use the outcome to raise awareness within key business stakeholders.
  • Identify existing vulnerabilities affecting your SAP platform (optionally including network, operating system and database layers).
  • Choose whether to understand your security posture against external or internal attacks.
  • Choose whether to understand your security posture against malicious employees (greybox) or anonymous attackers (blackbox).
  • Obtain a suggested action plan and detailed solutions to mitigate discovered risks, increasing the security level of the platform.


  • Executive Report with a summary of existing risks and the possible impacts for the business.
  • Detailed Technical Report, describing performed activities, identified attack vectors, proof-of-concepts and detailed vulnerability information.
  • Mitigation Plan Report, presenting a recommended action plan with detailed mitigation activities for each detected issue.