Infosec In the City (IIC)

An Introduction to SAP Forensics — by Jordan Santarsieri

#IICSG2019 Conference Workshop Track

Day 1 (19 Jun 2019)


@ Breakout Room 3


SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations, such as processing employee payroll and benefits, managing logistics, managing suppliers/customers, material management, releasing payments to providers, credit card processing, and business intelligence, making it an ideal target for cyber-attacks.

This mini-workshop will start with a brief introduction to SAP (no previous SAP knowledge is required). You will learn about the SAP security logs: their default status, what information is available, how to activate and correctly configure them, and how to parse the different formats.

After we learn about the security logs, we will parse one of the security logs and trace a simulated incident together!


  • Brief Introduction to SAP

  • SAP Architecture and Services

  • SAP Stacks

  • SAP Security Audit Log

  • SAP and the "Other Logs"

  • Deep-Dive on the SAP Security Log. The technical way!

  • Dissecting the Log

  • Creating a Parser Live! (the Python way!)

  • Catching the bad-guy

  • Conclusions

  • Final Remarks

  • Final Q&A
