SAP Pentest Playbook

How to Use SAP Pentest Playbook

Read before continuing

Before applying this Playbook, there are certain criteria that need to be considered:

  • Always make sure you have the necessary permissions and access rights from the organization and, for cloud environments, from SAP!
  • Keep in mind that the Playbook is designed for specific scenarios and may not be applicable to all situations.
  • For SAP cloud environments it is necessary to request approval from SAP to conduct any penetration testing (see reference note below).
  • In general, it is recommended to follow the approach of a whitebox (or greybox) penetration test.

General terms and concepts

SID

Each SAP system has a System Identifier (SID). It is used, for example, to generate usernames on OS level. In this document, the <SID> placeholder is used wherever you need to insert the SID of the SAP system.

SAP User

  • On OS level, SAP has the following users:
    • <SID>adm (Linux and Windows)
    • SAPService<SID> (Windows only)

References