We find your vulnerabilities before you get hurt!

With our security and compliance audits.


Our audits are designed to help you determine your SAP landscape's actual risk exposure and pinpoint areas that are open to potential attacks. They include everything from your infrastructure and SAP system parameters to individual component configurations and authorizations.

In addition to analyzing conflicts in the segregation of duties (SoD), we check whether third parties are logging into your systems without user IDs and whether users with low-level authorizations can potentially gain further privileges without attracting attention.

If your company's migration to SAP HANA or S/4HANA is right around the corner, our audits offer an ideal solution for safeguarding your systems and taking all the necessary security measures before you start your transition.

Ralf Kempf (Techn. Managing Director SAST SOLUTIONS)

"In far too many cases, the way companies neglect the security of their SAP system is borderline reckless. It's rare that we come across cases where the infrastructure has been properly hardened and effective authorization management is an everyday priority. That's why most threats are identified far too late."

Our audits at a glance

  • Review of the mechanisms that control access to your systems
  • Security tests at the network, operating system, and database level
  • Examination of your standard users' authorizations and the parameters of your SAP systems
  • Inspection of your Internet configurations and encryption settings
  • Analysis of your critical area-specific and SAP system authorizations
  • Review of your SAP privileges with a focus on critical authorizations and SoD conflicts (SAP basis and applications)
  • Evaluation of your authorization, emergency user, and operational concepts
  • Analysis and assessment of your process controls and corresponding organization
  • We offer auditing services for the following systems: SAP ERP, SAP HANA, SAP S/4HANA, SAP PI, SAP Portal, SAP Mobile Platform, SAP Gateway, web applications (including from non-SAP providers)

How our audits can assist you:

  • Full transparency regarding the actual risks your systems face
  • Coverage for every level of your SAP landscape
  • Checks based on SAP's security guidelines, recommendations from BSI, and the DIN ISO 27001 standard
  • Concepts you can reuse in future implementations
  • Systematic analyses facilitated by our certified GRC suite, SAST
  • Final presentation of results, including the degree to which your systems deviate from the ideal situation
  • Detailed descriptions of the causes of significant deviations (and the resulting risks)
  • Tailored analysis of your protection requirements, including specific recommended actions (optional)
  • Option to obtain "Verified SAP Security" certification once the results of your audit are addressed
  • All audits are available at a fixed price based on the number of SAP systems, modules, and/or company codes to be reviewed

If you only need to take stock of the most acute security flaws in one of your SAP systems, we recommend our Security Quick Check. This service includes a review of the relevant security levels at hand, an assessment of the 10 most critical findings in your system and its authorizations, and a final presentation by our experts.

If you'd rather find out how long your SAP landscape would withstand an attack by external hackers (or an internal incursion), one of our simulated penetration tests will push your systems to their limits.
