If your NetWeaver Portal installation contains confidential information or will be connected to the internet, the SAP Security Optimization Service can help you find potential security flaws in your custom portal installation. The check covers all relevant security parameters and highlights room for improvement. The service helps secure your company's strength by keeping internal information private.
After performing the service, you will have the following benefits:
- Protection of integrated systems that trust the portal via Single-Sign-On,
- Decreased risk of data manipulation,
- Safeguarding and protection of your portal implementation,
- Knowledge transfer which enables your administration and development teams to run the NetWeaver Portal securely.
The delivery will be structured in the following phases:
- Preparation phase, clarifying the scope and the prerequisites,
- Onsite delivery of the service by performing the checks directly on the system together with knowledge transfer,
- Remote analysis of the findings and creation of the report,
- Handover of the report with the findings,
- Conference call to discuss the report and further actions.
The scope will include the following portal-specific details:
- Authentication Configuration and Implementation
- Single-Sign-On and Application Integration
- Portal Runtime Security Zones
- Portal Content Access Control Lists
- KM Authorizations
- Transport Layer Security & Secure Network Environment
- Security Concept & Security Requirements (optional)
- HTTP Header and Cookie Analysis (optional)
- Client-side Security (optional)
- OS Environment of Application Server (optional)
You will need a NetWeaver Portal installation; the supported releases are 6.40 or 7.00. The service is delivered in English or German; the documentation, however, will be in English. We can only perform a white box test; a black box penetration analysis will not be performed during the delivery. Some customers, however, run a penetration test before performing the Security Optimization Service for NetWeaver Portal. As you might assume, the security of connected backend systems cannot be checked during the implementation, only the HTTP communication between the relevant systems. The security of custom code also cannot be checked during the delivery.
Firm Fix Price
SAP Consulting Sales
Martin Kraus - martin.kraus(ät)sap.com
Plan Service, Run Service