Course announcements

  • This workshop is based on a scenario in which participants act as both attackers and defenders (like a security ‘strategy game’, attacking and defending against each other).

Goals

  • Today, attacks on SAP systems are a daily occurrence. You will face hackers with very good SAP knowledge, who use the smallest security holes to get access to enterprise data. This workshop will provide you with knowledge about these attacks, so you can be better prepared for the potential dangers in your own SAP system.

Audience

  • System Managers
  • System Administrators
  • Auditors
  • Technical Security Team Members

Prerequisites

Essential

Recommended

  • Knowledge of security topics
  • Technical background (Web technology, SAP Basis), SAP System Administration

Course based on software release

  • SAP NetWeaver 7.02 / SAP NetWeaver 7.4

Content

  • Operating System
    • File System Security*: Windows/Linux, Access Control, User concept
    • Starting Applications from SAP
  • Database
    • Database access (SAP, external)
    • DB hardening
  • Network
    • Firewall, Proxy servers
    • SAP Web Dispatcher*, SAProuter*
    • Hacking tools*
    • Brute Force Attacks*
    • RFC Gateway Hack*
  • SAP
    • User authentication and access control
    • Access over the client barrier
    • Identity Provisioning and Identity Federation with NetWeaver Identity Management
    • SSO (logon tickets, SAML, SPNego, etc.)
    • Authorisation*
    • Switchable authorisation checks
    • SAP NetWeaver AS Java
    • SQL-Injection
    • Automated penetration test*
    • SAP Gateway Security*
    • Misuse of RFC callback
    • Identifying redundant Custom Coding (UPL)
    • SAP Security Patching - Best Practice and Tools
    • Communication Interfaces (RFC, http(s))*
    • Encryption
    • Security in transportation*
    • Logging and trace options
    • SAP Solution Manager, Agents and Wily Introscope Enterprise Manager
    • Enhanced Security in Solution Manager 7.2
  • New SAP security-related products, tools and transactions:
    • Enterprise Threat Detection (ETD)
    • Read Access Logging (RAL)
    • Unified Connectivity (UCON) - introduction
    • Authorisation maintenance based on UCON
    • Defining different security policies for user groups (secpol)
  • (*) Will be simulated by the participants as attacker and defender with the help of the trainer

Notes

  • AddOn conducts this training in co-operation with SAP Education.
