"Over the past few years, interest in SAP security has grown exponentially. There have been many reports on the security of SAP's at top international conferences on security, affected by a variety of topics, ranging from attacks on SAP Routers and WEB-SAP applications ending with low-level vulnerabilities in the kernel of Sap and ABAP code. Currently, SAP has released more than 2,000 notices to close vulnerabilities in their products on the one hand, while very much on the other hand this is only the beginning, as this vast area has not been properly studied. So, what is vulnerability in SAP systems besides the already hackneyed XSS, SQL injection and buffer overflows? This report will focus on the ten most interesting vulnerabilities and attack vectors on the SAP system from problems with encryption to bypassing authentication, and from the mistakes of fun to sophisticated attack vectors. A large proportion of the vulnerabilities will be presented to the public for the first time."