Thursday, 31 January 2013

10 things you need to know to become an SAP Security Forensic Consultant


The following is a list of the top 10 security topics that any SAP Security Forensic Consultant must know, or at least understand conceptually. I know it's not easy for anyone to master all the topics, but a conceptual understanding is still required.

1. Fundamentals and objectives of system security
     Authentication and Encryption
2. Awareness of Data Protection Acts, Information Security, International/National/State level Compliance Regulations etc.
3. Network basics
     Communication, TCP/IP, ports
     Routing, firewalls, proxies, SAProuter
4. Security in the SAP system
     Authentication and passwords
     Auditing as intrusion detection
     RFCs, trusted RFCs, RFC destinations
     Encryption, SNC
     Backdoor Access protection

5. Cryptography basics, PKI, TCS, digital signatures, Tokens
6. SAP NetWeaver Application Server, ICM
     Encryption, SSL, SNC
     Authentication, certificates, Single Sign-On
7. Some understanding of RSA Security Solution (SAP itself uses this), Logon tickets, X.509, SSL

8. Understanding of the SAP GRC Access Controls Suite, mainly the Risk Analysis & Remediation and Super User Privilege Management tools.

9. Understanding of Database Security, SAP Portal, HR, BW, eCATT Security

10. Knowledge of concepts like Keyloggers, Spoofing, SAP GUI Scripting, Macros, Application Decompilation, E-mail Security, and Archiving; should at least be aware of Stealth Programs.
Source: http://amudee.com
