SAP Security Check - Vulnerability is Everywhere a Problem - Detect it Now !
SAP offers a new remote service focused on the security settings of customer installations. With this service the vulnerability of SAP systems can be strongly reduced.
I was involved during the development of this service in the last year and it turned out to be really useful for our customers. We had very positive feedback from our pilot customers. The interesting point was, that every customer was very glad to have done this check and the found problems were always different. So, in my eyes it is very recommendable to do this check just once and get a general overview on the situation!
This new service is offered from SAP Active Global. This service called Security Optimization Service (SOS) checks SAP installations at customers for dangerous security settings and vulnerabilities.
Currently the following SAP components can be checked:
- SAP WebAS ( R/3-Basis)
The pricing with 2.000 Euro per system for all the components is very moderate - especially when you keep in mind, that an experienced security consultant needs more than a week in order to detect as many issues and vulnerabilities.
More information can be found in the SAP Service Marketplace at:
For further questions or just ordering the service send a mail to the "Security Check People":
Checked Components in Detail:
Checked Component "SAP Basis WebAS":
- Basis administration check
- User Management check
- Super users check
- Password check
- Spool & printer authorization check
- Background authorization check
- Batch Input authorization check
- Transport control authorization check
- Role management authorization check
- Profile parameter check
- SAPgui Single-Sign-On check
- Certificate Single-Sign-On check
- External authentication check
Checked Component "SAP ITS - Internet Transaction Server":
- Landscape check
- WGate and AGate configuration check
- Administration check
Checked Component "SAP Business Connector (BC)":
- Landscape check
- Configuration check
- Port check
- SSL check
Checked Component "SAProuter":
- Saprouttab check
- OS access check
- SNC check