Assessing the security of SAP ecosystems: Access from the SAP Application Layer to the Database

In previous posts we performed security assessments on the Management Console.

For the upcoming assessments we will need a tool to connect with the underlying databases. SQL*Plus is an Oracle utility with a basic command-line interface which allows us to connect with Oracle databases and execute queries in a simple fashion.

Assessing the security of SAP ecosystems with bizploit: The SAP Management Console

The SAP Management Console (SAP MC) is the centralized system management component. It allows you to monitor and control each SAP instance, display log and trace files, profiles and other parameters. You can also monitor system alerts and deep information about memory usage and processes in the system (e.g. Java VM® garbage collection and heap memory).

SAP ecosystem security: understanding our arena

We are used to talk about SAP and its components, but in the following post we will put ourselves into the role of an SAP user faced with the environment we need to protect. This post can be considered an introduction to SAP security and the components we are interested in protecting.

SAP stands for Systems Applications and Products in data processing. It is a Germany-based company which for the last 42 years has been developing the most widely adopted ERP (Enterprise Resource Planning) systems used by the biggest companies in the world.

Pages