Services

Professional Services

Because over 75% of all transactions occur on business-critical applications, data from these systems is endlessly valuable to attackers

- Christian Christiansen -
VP for Security Products & Services


Onapsis tells us so much more about the vulnerabilities present in our SAP system than SAP itself could ever hope to without the support of Onapsis.

Penetration Testing of SAP Systems

Penetration Testing simulates the process used by malicious attackers to access your SAP business-critical applications. By gaining access, hackers can compromise your systems by performing espionage, sabotage, and fraud.


Our experts replicate the behavior of a potential attacker by first identifying target SAP systems in your network. Next, existing vulnerabilities are detected and used as a point of access to the systems. Once in the systems, our consultants perform simulated attacks in order to illustrate the real impact of a security breach.

Service scope can be specifically defined for the following SAP platforms:

  • Penetration Testing of SAP HANA Systems
  • Penetration Testing of SAP Mobile Systems
  • Penetration Testing of SAP ABAP NetWeaver Systems
  • Penetration Testing of SAP J2EE NetWeaver Systems

Key benefits:

  • Analyze the real business impact of an information security breach in your core SAP platform implementation.
  • Identify existing vulnerabilities affecting your SAP platform (SAP application layer).
  • Report potential business impact and scenarios to help raise awareness with key business stakeholders.
  • Determine if your SAP security posture is protected against external and/or internal attacks.
  • Obtain a comprehensive action plan and detailed solutions for mitigating discovered risks and increasing security levels within your platform.

Deliverables:

  • Executive Summary of existing risks and the possible impacts for the business.
  • Technical Report describing performed activities, identified attack vectors, proof-of-concepts and detailed vulnerability information.
  • Mitigation Plan presenting a recommended action plan with detailed mitigation procedures for each detected issue.

To learn more about how Onapsis’ SAP Security service can assist your company, please contact us here.


Vulnerability Assessment of SAP Systems

Vulnerability Assessment detects existing security vulnerabilities currently placing your organization's SAP systems at risk of being accessed by unauthorized users.

Using internally developed tools and techniques, Onapsis consultants perform a remote blackbox assessment of the target platforms without requiring initial user access credentials to the systems.

Additionally, Onapsis’ SAP Vulnerability Assessment service leverages the most advanced research available from Onapsis Research Labs. Our consultants regularly perform the industry’s most comprehensive vulnerability assessments of SAP systems to reliably identify SAP-specific vulnerabilities in all components of the target SAP platform.


Service scope can be specifically defined for the following SAP platforms:


  • Vulnerability Assessment of SAP HANA Systems
  • Vulnerability Assessment of SAP Mobile Systems
  • Vulnerability Assessment of SAP ABAP NetWeaver Systems
  • Vulnerability Assessment of SAP J2EE NetWeaver Systems

Key benefits:

  • Quickly identify critical vulnerabilities affecting your SAP platform (SAP application layer).
  • Determine if your SAP security posture is protected against external and/or internal attacks.
  • Obtain a comprehensive action plan and detailed solutions for mitigating discovered risks and increasing security levels within your platform.

Deliverables:

  • Executive Summary of detected vulnerabilities and the possible impacts for the business.
  • Technical Report detailing detected vulnerabilities and associated risks.
  • Mitigation Plan outlining a step-by-step action plan with detailed mitigation activities for each detected issue.

To learn more about how Onapsis’ SAP Security services can assist your company, please contact us here.



Security Audit of SAP Systems

Security Audit of SAP systems analyzes the existing security level of your SAP implementation and identifies security weaknesses that could compromise your organization's business-critical applications.
Using internally developed tools and techniques, Onapsis consultants perform a whitebox assessment of the target platforms. This provides identification of security misconfigurations, missing security patches and dangerous user authorizations.

Equipped with an ever-evolving knowledge-base of security threats affecting SAP systems, our consultants are able to reliably detect existing risks throughout your entire SAP platform. Due to industry-specific compliance guidelines, our Security Audit of SAP Systems service consists of various sub-services as they apply to your organization. 

The following audits are included in our full service, as applicable:

  • Baseline Security Audit:
    This is the first step of our comprehensive security audit. SAP platforms are analyzed to determine how well your organization’s current security methods measure up to industry best practices. Key components of your business-critical platforms are checked for technical and process vulnerabilities. 
  • SAP AG Guidelines Security Audit:
    In 2010, SAP released a set of guidelines that outline security measures for ABAP, HANA and JAVA against unauthorized access within the corporate network. Our SAP AG Guidelines Security Audit verifies if your SAP platform is compliant with these guidelines by identifying missing security measures. Once identified, we provide high-level guidance on how to effectively implement best practices to ensure streamlined resolutions across your SAP platforms.  
  • PCI DSS Security Audit:
    Every company that processes cardholder information must comply with the PCI DSS regulation. Since many SAP platforms are subject to PCI DSS, it is imperative to verify whether there are compliance violations or potential data breaches. Our PCI DSS Security Audit analyzes your SAP platform to detect SAP-specific non-compliance items and provide information on how to effectively resolve PCI-related issues prior to performing a company-wide PCI assessment by an auditor.
  • SOX Security Audit:
    Our SOX Security Audit verifies if your business-critical applications are within the scope of SOX compliance. To do so, our consultants assess your SAP platforms beyond the segregation-of-duties conflict matrix to identify and mitigate risk wherever applicable.
  • ISACA Security Audit:
    Our ISACA Security Audit evaluates whether your essential security functions are being managed effectively.  To do so, our consultants perform a comprehensive assessment of your organization’s security team, focusing on main areas of management including Identity, IT risk, systems, and vulnerability.
  • NERC CIP Security Audit:
    Our NERC CIP Security Audit identifies whether your business-critical applications are compliant with CIP Standards. To do so, our consultants analyze your SAP platforms to identify non-compliant areas, and deliver a comprehensive action plan for resolution.

Service scope can be specifically defined for the following SAP platforms:

  • Security Audit of SAP HANA Systems
  • Security Audit of SAP Mobile Systems
  • Security Audit of SAP ABAP NetWeaver Systems
  • Security Audit of SAP J2EE NetWeaver Systems

 

Key benefits:

  • Quickly identify compliance gaps against industry regulations or your organization’s standards.
  • Receive in-depth knowledge of existing vulnerabilities affecting your SAP platform (SAP application layer).
  • Obtain a comprehensive action plan and detailed solutions for mitigating discovered risks and increasing security levels within your platform.

Deliverables:

  • Executive Summary of detected vulnerabilities and the possible impacts for the business.
  • Technical Report detailing detected vulnerabilities and associated risks.
  • Mitigation Plan outlining a step-by-step action plan with detailed mitigation activities for each detected issue.
  • Compliance Report (if applicable)

 

To learn more about how Onapsis’ SAP Security services can assist your company, please contact us here.