Following is a list of the top 10 security topics that any SAP Security Forensic Consultant must know, or at least understand conceptually. I know it's not easy for anyone to master all the topics, but a conceptual understanding is still required.
1. Fundamentals and objectives of system security
Authentication and Encryption
2. Awareness of Data Protection Acts, Information Security, International/National/State level Compliance Regulations etc.
3. Network basics
Communication, TCP/IP, ports
Routing, firewalls, proxies, SAProuter
4. Security in the SAP system
Authentication and passwords
Auditing as intrusion detection
RFCs, trusted RFCs, RFC destinations
Encryption, SNC
Backdoor Access protection
5. Cryptography basics, PKI, TCS, digital signatures, Tokens
6. SAP NetWeaver Application Server, ICM
Encryption, SSL, SNC
Authentication, certificates, Single Sign-On
7. Some understanding of RSA Security Solution (SAP itself uses this), Logon tickets, X.509, SSL
8. Understanding of SAP GRC Access Controls Suite, mainly the Risk Analysis & Remediation and Super User Privilege Management tools.
9. Understanding of Database Security, SAP Portal, HR, BW, eCATT Security
10. Knowledge of concepts like Keyloggers, Spoofing, SAP GUI Scripting, Macros, Application Decompilation, E-mail Security, Archiving; should at least be aware of Stealth Programs.



Hi Mr. Amol Bharti,
Thanks for your answer, it's very good. I am planning to learn GRC.
Can you help me out, please? Please give a text mail to my mail ID below …
[email protected]
Thanks Regards
Kiran.s
Amol, can you email me and tell me a few more things about career avenues in SAP security? I have two years of experience in SAP SD and want to get into SAP security but don't know how. I am currently working with a manufacturing company where I don't get much exposure to user administration. Looking for some kind of training in Pune.
I am really a big fan of your blog…
fahrrad
Hi,
Good man, could you please update the SAP security (GRC & IDM) docs?
Regards,
jaireddy
Very clear and logical listing. Thanks for sharing.
@secude: Thanks for your comments, I am glad that you liked the list.