In our SAP penetration test, we focus on your SAP systems and examine them for known vulnerabilities.

What is the goal of the SAP penetration test?

  • the identification of vulnerabilities
  • the detection of potential errors resulting from (faulty) operation
  • the increase of security on a technical and organizational level and
  • the confirmation of IT security by an external third party.

One of the central tasks of SAP penetration tests is to examine the interfaces through which a potential attacker could penetrate an SAP system. Here, the focus is particularly on examining interfaces that are directly accessible via the Internet. The aim of these tests is to uncover configuration errors and vulnerabilities that have not yet been remedied. In this way, possible gateways for attacks are identified and eliminated.

Within the scope of a penetration test by Tönjes Consulting, the individual needs and wishes of the customer are addressed. Depending on the requirements and needs, the test can be performed in different depths to obtain a comprehensive picture of the security situation in the SAP system. Various aspects such as checking user authorizations, network access and system configurations are taken into account. The goal is to identify and specifically eliminate potential vulnerabilities, thus ensuring the security and stability of the SAP system.

Types of penetration test

In a small SAP penetration test, security-relevant configurations and sets of rules of the SAP systems used are examined on a random basis in the form of a technical audit and recommendations are made for closing possible vulnerabilities. SAP recommendations are taken into account. The IT systems are examined together with the administrators.

During a comprehensive SAP penetration test by Tönjes Consulting, in addition to the technical audit, vulnerabilities in the tested systems are detected by means of technical examinations, among other things with the help of special security tools. For this purpose, Tönjes Consulting accesses the systems via the customer network under the supervision of the administrators.