Billions of people use the internet daily for different reasons, such as visiting social portals, uploading photos, working remotely, paying invoices or banking. In short: they share personal data with other parties. In parallel, the evil side of the internet is at work as well, harvesting and gathering information which can be traded illegally and terrorizing the society of the network. A hacker attack can be a huge risk for any company nowadays. In the business sector especially it can do the most damage, because the trust of the users can easily be lost if their sensitive data becomes publicly available to unauthorized parties. The other problem is that a case like this has a negative effect on the company's position and reputation in the business era.
It is a fact that the best defence against attacks like these is continuous and agile prevention. I chose this theme for my thesis because I am interested in it and I feel this knowledge has value in the labour market.
During the experiment, I gained some knowledge about the technologies and services used and the shipped products of SAP, and a basic understanding of the tools which are generally used in the penetration testing process. In my opinion the testing was wide-ranging, because it included several topics such as general, server-side and mobile application analysis. I also investigated some tutorial code which SAP provides for developers to give a general understanding of their technology. I found several vulnerabilities, which I reported immediately to my consultant and to the responsible department of SAP. I hope that these security threats will be supervised and solved in the next few months.
In the first part of my thesis I would like to introduce the participants of my security analysis and the in-scope penetration testing tools which I used during the research. After that, in the second part, I describe the targets of my investigation and present the steps of the testing process, report my results and propose a solution to avoid the vulnerabilities found.