Web services play a key role on the SAP NetWeaver platform, enabling application components to be offered as services. The flexibility and richness that Web services provide for integrating disparate applications, SAP or non-SAP, increase the potential for security breaches and information leaks. An integral part of rolling out and managing an SAP NetWeaver-based Web service is understanding the risk posture of the exposed service. That risk posture is assessed through vulnerability assessment of the Web services. Such vulnerability evaluation has become an essential task for SAP Security Managers.
Before investigating what it means to perform vulnerability assessment on SAP Web services, we need to understand the SAP NetWeaver technology platform and its Web services offering. SAP NetWeaver is a technology platform that drives the Enterprise Services Architecture (ESA), a blueprint for how applications are offered as services. SAP NetWeaver is a comprehensive integration and application platform and is the foundation for all SAP solutions.