San Francisco Professional Events List

Advanced SAP® ERP Audit and Security - ASE441

Apr 19, 2017 - 08:30 AM - Apr 21, 03:00 PM
MIS Training Institute Holdings, Inc
MicroTek Computer Lab SF
655, Montgomery St

San Francisco,
ZIP: 94111

"Great 'hands-on' class using live scenarios in SAP. The flow of the class was perfect and have many take-aways to bring back to our audit team."
- Project Manager, Southwest Airlines

By attending this course, attendees will acquire the knowledge and skills to progress beyond the basic auditing employed by many auditors for SOX purposes, and become competent at an advanced auditing level to identify more in-depth operational and strategic risks. This three-day course will provide participants with an in-depth understanding of SAP Basis and security assessment techniques necessary for performing a deep-dive technical audit. You will learn the advanced risks and control opportunities that should be considered in a thorough audit of the SAP Basis system, including considerations when using SAP GRC.

On completion of this course, attendees will be able to develop an effective SAP technical audit plan and prioritize key steps, discuss techniques for controlling both dialog and non-dialog user security, assess the appropriateness of SAP Basis configuration settings, recommend procedures for controlling customizations, analyze SAP Basis and security-related tables and describe effective research techniques related to advanced SAP technical issues. In this seminar newer issues around SAP cybersecurity will be explored and demonstrations of techniques used for hacking SAP will be shown. Participants will advance their knowledge through hands-on access to an SAP system and get a chance to perform a mini security audit.

​Prerequisites: Audit and Security of SAP® ERP (ASE241)​ ​or equivalent experience
Advanced Preparation: None
Learning Level: Advanced
Field: Auditing
Delivery Method: Group-Live

Who Should Attend

IT auditors; Audit managers (responsible for audit planning); SAP security administrators; SAP Basis Methodology

CPEs: 24
INSTRUCTOR: Steve Biskie
LEVEL: Advanced
Tution $2,595


What You Will Learn​

1. Reviewing the Basics
• system parameters
• authorization concept
• assessing segregation of duties and critical access
• most critical basis and security risks

2. Advanced SAP System Parameters
• parameters that can cost you $
• parameters that mitigate terminated/transferred employee risks
• single sign-on parameters
• logging-related parameters

3. Advanced SAP Basis Security
• securing direct access to tables
• securing access to ABAP programs
• controlling administrator access
• controlling transport administration and access
• protecting security-critical objects and tables

4. Controlling Non-Dialog User Types
• system users
• communication users
• service Users
• reference users (and their undocumented risks)

5. Special Considerations
• protecting the most powerful ID in the SAP system
• global deactivation of authorization objects
• Remote Function Calls (RFC)
• virus protection

6. SAP Authentication Issues
• Secure Network Communications (SNC)
• X.509 client certificates
• SAP logon tickets

7. Netweaver Security
• Security for the SAP Web AS ABAP and Java components
• Protecting the SAP Gateway
• SAProuter issues

8. Advanced Auditing of SAP Customizations
• reviewing ABAP code for insecure statements and back doors
• including custom tables in change document reports
• securing customized objects

9. Hacking SAP (aka:  Hardening SAP against Hacking)
• current state of SAP cyber-security
• breaking SAP passwords
• taking over SAP user accounts
• SQL injection and other common exploits
• secure SAP programming (ABAP & Java)
• freeware hacking tools (and paid pen-testing tools)

10. Analyzing SAP Tables
• transparent, cluster and structure tables
• key configuration tables
• key master data tables
• using the SQ01 query builder
• data access with ACL/IDEA

Event Categories
Keywords: access , analyze, assessment , class , iOS, learn, Learning , methodology, opportunities , opportunitie


Events Calendar

26 27 28 29 30 31 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 1 2 3 4 5 6

Event Location


VIP Life Time Subscription to our Newsletters!