SAP ABAP Penetration Testing

Frederik Weidemann

August, 20th (1 day)

For many people SAP systems are like a black box even though these systems store critical business data. When talking about SAP security many people think of authorizations and segregations of duties but it isn’t that easy. Often these systems are vulnerable to attacks that are well known for years. The target group of this course are non-SAP specialists. We’ll give an introduction in a one day course how to do penetration testing on SAP NetWeaver ABAP systems. In a dedicated training environment the attendants will simulate attacks in hands-on exercises to get an understanding of the related threats and risks. Furthermore best practices and mitigation possibilities will be discussed.


Bring your own Laptop with

  • Windows Vista or newer OR
  • Linux (e.g. openSUSE 12.2, Fedora 17, RHEL 6, Ubuntu 12.04 OR
  • MacOS X

Minimum of 2 GB RAM is required!

About the trainer

Frederik Weidemann is Head of Consulting at Virtual Forge GmbH with a focus on SAP Security for seven years. He is coauthor of the first book on ABAP Security “Sichere-ABAP Programmierung” by SAP Press and spoke at several SAP and Security related conferences like RSA, OWASP or DSAG. Frederik teaches frequently on secure ABAP programming (course WDESA3) at SAP University in Walldorf and on SAP security for Virtual Forge’s customers. The author also writes frequently articles on SAP Security and has found countless Zero Day defects in Business Software. He holds a German Diploma in Computer Science and scored several Capture-The-Flag hacking contests first or second place during his time in university.