SecuritySilverbacks/sap-pentest-playbook

OWASP SAP Pentest Playbook

License: CC BY 4.0

The SAP Pentest Playbook is a community-driven, open-source resource that documents practical techniques, tools, and methodologies for conducting penetration tests on SAP systems and landscapes. It is part of the OWASP Core Business Application Security (CBAS) project and aims to serve as a single, reliable point of reference for SAP security professionals, pentesters, and researchers.

The Playbook consolidates distributed, often outdated or hard-to-find knowledge into a structured and up-to-date guide that covers:

  • SAP-specific attack vectors
  • Misconfigurations and “works as designed” behaviors that can be exploited
  • Reconnaissance, exploitation, and post-exploitation techniques
  • Detection and mitigation considerations

Warning

Disclaimer: Make sure you have the appropriate permissions before you actively scan and test applications. Without them, you might face legal implications.

How to contribute

The SAP Pentest Playbook is community-driven — contributions from SAP security practitioners, researchers, and ethical hackers are welcome.

Ways you can contribute:

  • Submit new techniques, tools, or case studies
  • Update outdated content with current SAP versions and security measures
  • Add detection and mitigation tips for the techniques described
  • Review and improve documentation structure for clarity and usability

Contribution Process:

  1. Fork the repository and create a feature branch
  2. Add your contribution in the relevant section of the Playbook (Markdown format)
  3. Include references, screenshots, or code samples where applicable
  4. Submit a pull request with a clear description of your changes

Note

More information about contributing can be found at https://playbook.securitysilverbacks.com/Getting_Started/contribute/

Contributors

Supporters & Sponsors

Thank you to all our supporters and sponsors, whose help and support allow us to continue our work on the project.

Contact Us

Anyone interested in supporting, contributing, or giving feedback is welcome to join us in our Discord channel.
