Skip to end of metadata
Go to start of metadata

If your NetWeaver Portal installation contains confidential information or will be connected to the internet, the SAP Security Optimization Service can help you finding potential security flaws in your custom portal installation. During the check all relevant security parameters will be checked and room for improvement will be highlighted for you. The service will help you in securing your company's strength by keeping internal information private.

Customer Benefits 

After performing the service, you will have the following benefits:

  • Protection of integrated systems that trust the portal via Single-Sign-On,
  • Decrease the risk of data manipulation,
  • Safeguard and protect your portal implementation,
  • Knowledge transfer which enables your administration and development teams to run the NetWeaver Portal securely.

Delivery

The delivery will be structured in the following phases:

  1. Preperation phase with clearifying the scope and the prerequisites,
  2. Onsite delivery of the service by performing the checks directly on the system together with knowledge transfer,
  3. Remote analysis of the findings and creation of the report,
  4. Handover of the report with the findings,
  5. Conference call to discuss the report and further actions.

Scope

The scope will include the following portal specific details:

  • Authentication Configuration and Implementation
  • Single-Sign-On and Application Integration
  • Portal Runtime Security Zones
  • Portal Content Access Control Lists
  • KM Authorizations
  • Transport Layer Security & Secure Network Environment
  • Security Concept & Security Requirements (optional)
  • HTTP Header and Cookie Analysis (optional)
  • Client-side Security (optional)
  • OS Environment of Application Server (optional)

Requirements

You will need a NetWeaver Portal installation, the supported releases are 6.40 or 7.00. The language of the service will be English or German, the documentation however will be in English. Also we can only perform a white box test, a black box penetration analysis will not be performed during the delivery. Some customers however run a penetration test before performing the Security Optimization Service for NetWeaver Portal. As you might assume, the security of connected backend system cannot be checked during the implementation, only the http communication between the relevant systems. Also the security of custom codings cannot be checked during the delivery.

Characteristics

Pricing Model

Firm Fix Price

SAP Consulting Sales

Martin Kraus - martin.kraus(ät)sap.com

Service Type

Plan Service, Run Service