ERPScan - Security Solutions for SAP & Oracle

Company Description

ERPScan is the most respected and credible Business Application Security Provider. Founded in 2010, the company operates globally. Awarded as an "Emerging Vendor" in security by CRN and distinguished by more than 25 other awards - ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities.

ERPScan consultants work with SAP SE in Walldorf in improving security of their latest solutions. ERPScan's primary mission is to close the gap between technical and business security and provide solutions to evaluate and secure ERP systems and business-critical applications from both cyber-attacks as well as internal frauds. Usual clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to actively monitor and manage security of vast SAP landscapes on a global scale.


Product Description


ERPScan Security Monitoring Suite for SAP is an innovative product to continuously monitor all checks on schedule basis. The system consist of 4 modules:


  • Security Audit Module - Conduct complex penetration tests, security assessment, scanning SAP servers for software vulnerabilities and misconfigurations. It also performs assessment for compliance to current standards and best practices including SAP best practices and ISACA guidelines. 
  • ABAP source code security review - SAST tool developed especially for ABAP language, able to find critical issues and backdoors in custom source code.
  • SoD and critical privileges analysis - Find users which have the rights to execute critical actions that can lead to fraud.
  • SIEM and log analysis - Monitor SAP log files for different attack attempts and malicious activity.



The monitoring suite specialises at identifying, analyzing, remediating security issues including vulnerabilities, misconfigurations, and SOD violations.
  • Mitigate fraud risk and prevent fraud actions. 
  • Comply with regulations and guidelines.  
  • Save up to 80% time and resources.
  • Visualize potential attacks.
  • Simplify remediation.


ERPScan Security Scanner for SAP is the most comprehensive assistance for security consultants and penetration testers. It makes assessment as easy and quick as possible by automating general checks. Thus, you can focus on the analysis of specific applications to meet precise needs.



  • Complete - Identify and Analyze security issues including vulnerabilities, misconfigurations, and SOD violations. React on them on a timely manner.
  • Comprehensive - Largest database of 10000+ Security Checks
  • Customizable - All scan templates are fully customizable to address
  • Universal - Support all types of SAP Platforms (ABAP, JAVA, HANA, BOBJ, Mobile)
  • Industry-specific - Checks for industry solutions such as Oil and Gas, Retail, Banking and more
  • Nonintrusive - Doesn't require any agents or modification of SAP or Oracle Platforms



Get rid of time-consuming manual analysis and embrace time management with the hourly system analysis and 2-minute scans against critical issues instead of spending weeks. 
  • Comply with standards such as; SOX, PCI-DSS, NERC, CIP, SAP security guidelines and various other SAP specific recommendations. 
  • Educate yourself using their large knowledge base compiled by information security professionals and SAP experts. It helps to understand the nature of revealed security issues. Provided remediation steps are so clear that even inexperienced SAP professionals can infer to them;
  • Automate routine by identifying 10000+ misconfigurations and vulnerabilities across all types of SAP Platforms (ABAP, JAVA, HANA, BOBJ, Mobile) and Industry solutions; 
  • Exploit vulnerabilities, identify weak passwords, and execute multi-stage attacks and post-exploitation;
  • Magnify your competitive edge by offering source code security scanning and access control/SOD along with regular SAP penetration testing and SAP security assessments;
  • Improve customers systems security by providing step by step remediation guides with automatic correction templates, instructions and attack signatures for Virtual Patching. 


ERPScan Security Monitoring Suite for Oracle Peoplesoft is the industry’s first vulnerability management solution for Oracle PeopleSoft applications and their components. It enables 360-degree protection against cyber-attacks and internal fraud.



  • Complete - Identify and Analyze issues including vulnerabilities, misconfigurations, and code vulnerabilities. 
  • Unique  - The only award-winning solution to address in 360° Oracle security protection.
  • Enterprise - Continous monitoring of vast landscapes. 
  • MSSP-ready - Can be implemented as a virtual appliance, in cloud or as SaaS.
  • Cloud and SAAS support - Can be implemented as a virtual appliance, in cloud or as SAAS.
  • Nonintrusive - Doesn’t require any agents or modification of Oracle Platforms.



Unique functions of Oracle PeopleSoft vulnerability management solution:
  • Vulnerability assessment.
  • Configuration assessment. 
  • Anonymous web services scan.
  • 0-day vulnerability checks and exploits.
  • Access control checks.
  • Database security checks.




For more references:
Video: Insecure SAP deployments

ERPScan's  Press Release/Article:
Copyright 2016 Ace Pacific Pte Ltd All rights reserved . Site by SGIHUB.