SAP Security Assessment
We follow a series of steps to check your landscape thoroughly and eliminate the odds of being attacked through existing vulnerabilities that external attackers might leverage or internal openings that insider attackers can take advantage of. The steps we follow to perform a well-thought-through assessment range, among many others, from port scanning your SAP application to footprinting and enumerating it with automated tools such as Bizploit or our partner's ERPScan solution (over 7500 checks).
At the end of the Security Assessment programme, we present you with an extensive report containing the list of vulnerabilities and misconfigurations, the list of users with critical access, the list of vulnerabilities in custom programs and web services, and the list of users and roles in SOD conflicts.
We check all your SAP systems, from ERP, CRM, SRM, BI and PLM to HANA, and present you with a Topology Threat Map that shows how the vulnerabilities in one system affect the integrity of your total landscape.
We go a step further and show you the real attack vectors, describing how your systems are prone to attack and thereby showing the business risks related to the exploitation of those vulnerabilities. We also give you a report on Security Guidelines for General System Configuration.
SAP Penetration Testing
It goes without saying that a user with “SAP_ALL” rights can be referred to as an SAP god, just as direct access to the database means complete SAP compromise. We perform blackhat testing of your system to check for all vulnerabilities and exploits on your SAP Router, Remote Function Calls, SAP Management Console and ICF (Internet Communication Framework).
The CFO must realize that weak SAP security configuration can lead to business fraud, and the CISO and/or CSO must also know that SAP security is much, much more than user roles and authorizations! Our experience, validated by research, shows that most security configurations of SAP systems are left at their defaults, and of course many configurations are not secure (“even in vanilla implementations”). DeltaGRiC supports your organization with SAP penetration testing so that you know whether your system is secure, whether your SAP implementation can be attacked and what the real potential impact could be.
We help you detect the loopholes and weaknesses, secure them and increase the security level of your system, thereby decreasing your internal fraud risk and your external SAP cyber attack surface.
Every breach occurs in such a way that the attacker(s) always leave signature tracks behind. DeltaGRiC supports organizations by helping them extract evidence from their SAP systems following a data breach, to understand what went wrong, what led to the attack and how to prevent the next breach.
We treat each incident in a special way by collecting the breach signatures, analyzing them and then presenting the outcomes in reports that can be presented in any court of criminal justice that understands cyber law prosecution. We also provide advisory and counseling services on SAP and PeopleSoft breach cases. For SAP, critical information can be hidden between the rows of SAP tables such as BKPF, BSEG, BSIK, BSAK; EKKO, EKPO; MARA, MARB, MARC, MBEV, VBAK or VBRK. We have the right set of skills to understand these.
Oracle PeopleSoft Vulnerability Assessment
With the largest database of Oracle PeopleSoft issues, including 0-day exploits, we work with our partner ERPScan to deploy the industry’s first vulnerability management solution for Oracle PeopleSoft. We are currently tasked with selling and implementing the ERPScan Add-On for PeopleSoft solution across West Africa, South Africa, Central and East Africa.
Suffice it to say that this solution is agentless: it does not require any agents or modification of Oracle PeopleSoft. The current add-on supports security checks for the Oracle PeopleSoft application stack, including Oracle WebLogic and Oracle Database.
We offer onsite and remote training through our technical partners. DeltaGRiC’s in-depth training workshops and seminars are designed to provide security professionals with the skills to fortify every attack surface in SAP systems through:
• Secure network architecture and communications
• Comprehensive identity and access governance
• Configuration of SAP application servers, operating systems and databases
• Secure ABAP and Java development
• Client-level security for SAP GUI and Web-based access.