Assessing the security of SAP ecosystems: Access from the SAP Application Layer to the Database

In previous posts we performed security assessments on the Management Console.

For the upcoming assessments we will need a tool to connect with the underlying databases. SQL*Plus is an Oracle utility with a basic command-line interface which allows us to connect with Oracle databases and execute queries in a simple fashion.

Assessing the security of SAP ecosystems with bizploit: The SAP Management Console

The SAP Management Console (SAP MC) is the centralized system management component. It allows you to monitor and control each SAP instance, display log and trace files, profiles and other parameters. You can also monitor system alerts and deep information about memory usage and processes in the system (e.g. Java VM® garbage collection and heap memory).