Enterprise application security is one of the most important topics in computer security as nowadays corporate environment has became more secure. As a result, attack vectors shift from OS down to the applications. And mostly it is about Enterprise business applications like ERP, CRM, SRM and others because these are the applications that store business data and any vulnerability in these applications will cause a real monetary loss. SAP has many security problems on all levels such as network, OS, database and application. This talk will cover common and some uncommon vulnerabilities on all these levels backed up with real world examples. Among the more uncommon vulnerabilities is SAP client side exploitation. This talk will describe different ways to attack SAP clients and demonstrate how you can get access to the whole SAP environment just by exploiting a client side vulnerability.