As SAP systems manage the most sensitive and mission-critical data for organizations worldwide, they present an appealing target for threat actors. Traditional defenses often overlook the unique challenges in SAP landscapes, such as complex authorization models, a broad attack surface, and proprietary protocols.
The OWASP Core Business Application Security project is dedicated to providing a comprehensive approach to SAP security by focusing on critical aspects of proactive defense and resilience in SAP landscapes. This initiative brings together innovative techniques and tools to address major cybersecurity topics such as deception, adversary simulations, detection engineering, attack surface management, security posture validation & baseline controls, and technical assessments tailored specifically for SAP environments.
We create tools that emulate advanced threat tactics, techniques, and procedures (TTPs) in SAP systems, helping teams to stay one step ahead by visualizing attack patterns and preparing adaptive responses.
- HoneySAP: SAP low-interaction honeypot
- pysap: Python library for crafting SAP network protocol packets
- SAPKiln
Understanding your SAP attack surface enables you to better prioritize and apply security controls that help mature your SAP security posture. The tools below are designed to identify possible threats and attack vectors in your SAP environment and report them to you.
To validate and enforce secure configurations and controls in SAP, we offer frameworks for continuously monitoring system integrity against best practices.
If you are interested in supporting, contributing, or giving feedback, join us in our Discord channel.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.