Despite the fact that SAP offers numerous security solutions, trivial flaws trigger cases when SAP systems are compromised. The report adresses main attack scenarios that attackers primarily use to obtain system access. This includes specific attacks on the level of an application as well as attacks on the level of a system environment. The audience will get acquainted with typical mistakes of system administrators and learn nonstandard ways of using SAP systems.