We find your vulnerabilities before you get hurt!

Penetration tests for your SAP systems.


From external attacks to manipulations by internal entities, our experts can simulate various incursions to mimic common attack patterns and methods, force their way into your SAP systems, and reveal their last remaining vulnerabilities.

These pen tests are based on the latest recommendations from the German Federal Office for Information Security (BSI) and our own proven best-practice scenarios for determining how exposed your systems are to such intrusions.

Even as threat profiles evolve and new security-relevant factors emerge, our SAST Suite and managed services for SAP security and compliance will provide your systems with comprehensive long-term protection following a pen test or audit.

Ralf Kempf (Techn. Managing Director SAST SOLUTIONS)

"In 94% of our penetration tests, we've been able to gain access to local systems in less than an hour - and almost always to adjacent systems, as well. In the process, none of our attempts to break into these systems have been detected by the monitoring systems in use."

Level 1: Black-box testing from the Internet

In this first step, we use realistic attack patterns to simulate the typical attempts made by external hackers. Our experts search through publicly accessible databases and inquire with various sources to find the information they need.

The goal is to gain access to your systems without an authenticated user, which involves exploiting technical flaws to execute functions at the database, application, and operating system level. In our black-box tests, we use both manual methods and tools like Metasploit and Nessus to locate the vulnerabilities in your infrastructure.

Level 2: White-box testing from your intranet

The second step focuses on simulating internal incursions. Here, the detailed knowledge at our experts’ disposal ranges from the limited proficiency of typical employees to the in-depth system expertise possessed by IT service providers (those tasked with installing security-related systems, for example). We conduct our white-box tests manually to uncover the internal weaknesses in your databases, applications, and operating systems.

How our pen tests can assist you

  • Full transparency regarding how vulnerable your systems are to attacks
  • Analysis of the prior knowledge and time horizon required to exploit your security flaws
  • Simulated incursions based on the latest BSI recommendations and our proven best-practice scenarios
  • A final presentation that includes documentation of our assessment methods, the results of our simulated attacks, and tailored recommendations for your company
  • Follow-up workshop where we present the vulnerabilities we've found and explain the specific risks your company faces
  • Our pen tests are available at a fixed price based on the number of SAP systems to be reviewed.

Before you subject your SAP systems to the real stresses of our penetration testing, we recommend scheduling one of our SAP security and compliance audits. This will give you complete transparency regarding the potential risks to your landscape and analyses of how it may deviate from your target situation.

An audit is also the perfect way to take all the necessary security measures before making your transition to SAP HANA or S/4HANA.
