Best Practice 9.2 – Perform periodic tests for security bugs - SAP Lens

As described in the Well-Architected Framework Security Pillar incident response sections on simulations, assembling a runbook and conducting game days are recommended for all workloads, including those for SAP on AWS. This type of periodic testing can identify new attack vectors and vulnerabilities as well as prepare your SAP security resources for a rapid and effective response in the event of a security incident.

Well-Architected Framework [Security]: Incident Response – Simulation

Suggestion 9.2.1 – Include SAP applications as targets in addition to standard security and penetration testing

Probative security testing is an important part of maintaining a secure environment. In addition to conducting standard penetration testing in AWS, make sure to include your SAP solution as an additional potential target for malicious activities. Keep in mind the SAP-specific software solutions that are often publicly exposed in your architecture, such as SAProuter, Web Dispatcher, Cloud Connector, and SAP Fiori.