Anna Loosen defended her Master's thesis on 'Forensics in SAP systems for detection and analysis of attack vectors'

Enterprise Resource Planning (ERP) systems provide the possibility to connect functional areas in a company by providing information and processes. SAP is the market share leader of ERP products. It sells and supports its solution. SAP systems are critical to the business they are deployed in and this reflects on the update and maintenance process which is often executed very restrictive. This may lead to vulnerable systems.
This thesis selects eleven common and critical attack vectors on SAP systems from documents acknowledged in the SAP community. Each vector is explained and, where possible, a detailed description of the SAP internals is given. After execution of the attack, selected information resources in the SAP system are analysed for traces of the attack. These information resources include the statistic information in transaction STAD, the security audit log, the system log and further specific log files for the attack. An evaluation shows whether the attack might be detected through the available log data. An automated detection is implemented for two scenarios.