SAP Cyber Security 101 (4h Session)

Presented at DeepSec 2025 by

In many discussions, I noticed that CISOs and security officers do not have any (in-depth) knowledge of SAP. This is why the topic of SAP security often gets underestimated. Anyone interested in gaining insight into the important basics of SAP technologies can benefit from this highly compact crash course on SAP security. The session will give you an overview of security threats related to SAP and strategies to counter them - where possible.

Among other things, you will learn about

- Different types of SAP servers / systems
  - SAP Application Server ABAP
  - SAP Application Server Java
  - SAP Netweaver
  - S/4 HANA
  - SAP RISE
  - SAP GROW
  - SAP BTP
- Different types of SAP network tools
  - SAP Router
  - SAP Web Dispatcher
  - SAP Cloud Connector
- Different types of SAP clients
  - SAP GUI
  - SAP Netweaver Business Client
- Different types of SAP communication protocols
  - SAP DIAG
  - SAP RFC
- SAP Architecture
  - Landscape layout
  - Internet Communications Manager
  - SAP Business Solutions
- Other proprietary SAP technologies, such as
  - SAP ABAP
  - HANA Database
  - Secure Network Communication
  - Solution Manager
  - etc

Once the basic servers, concepts and technologies of SAP are understood, the workshop will discuss ways to break them, with a special focus on the attack potential of ABAP-based malware. While this may appear to be somewhat destructive, it is important to understand the full attack potential against - and through - SAP technologies in order to design a solid defense.

With regard to defense, you will learn about

- Various SAP security mechanisms
  - Single Sign-On
  - Security Audit Log
  - ATC
  - UCON
  - etc
- Industry Best Practices

and I will provide many insights from 20+ years of SAP pentesting.

You want to understand SAP risks? This is the place to be.