SAP Threat Modeling Save

The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP systems, helping users identify security risks and vulnerabilities. With features like inputting SAP credentials, scanning for connections, and visualizing the network.

Project README

SAP Threat Modeling Tool - Readme

This tool helps you analyze and visualize connections between your SAP systems, enabling identification of potential security risks and vulnerabilities.

For more detailed information about potential threats in SAP systems related to inter-SAP connections, visit this page.

Features:

Input SAP Credentials: Enter system details (SID, username, password, etc.) to establish initial connections.
Scan for Inter-SAP Connections: Discover and display connections between your SAP systems, including usernames and password storage flags.
Visualize the Network: View a graph representation of your SAP network, highlighting connections with potential security concerns.
Filter Connections: Focus on specific connections, such as those with stored passwords.

Usage:

Initiate Connections:
- Navigate to the "Init Connections" page.
- Enter SAP system credentials similar to the format shown in this .
- Save the connection details and click "Scan" to start the analysis.
View Existing Connections:
- After the scan is completed, go to the "Connections Table" page.
- Here, you can view all existing connections in a tabular format as depicted in this .
Explore Inter-SAP Connections:
- Alternatively, visit the "Graph Connection" page to visualize the inter-SAP connections in a graph format like shown in this .
- You can filter the connections to display only those with saved passwords, as demonstrated in this .

Installation:

Clone the repository:

git clone https://github.com/redrays-io/SAP-Threat-Modeling-Tool.git

Use code with caution.

Install dependencies:
```
pip install -r requirements.txt
```
Use code with caution.
Run the application:
```
python app.py
```
Use code with caution.
Access the web interface: Open http://localhost:5000 in your browser.

Docker Setup:

Alternatively, you can set up the tool using Docker with the following command:

docker pull ghcr.io/redrays-io/sap-threat-modeling:latest

Security Considerations:

Credential Storage: This tool stores SAP credentials in a local SQLite database. Ensure proper security measures for the database file.
Data Sensitivity: The tool exposes information about SAP connections and potential vulnerabilities. Limit access to authorized personnel only.
Production Use: This tool is intended for development and testing purposes. Evaluate its suitability before using it in production environments.

Open Source Agenda is not affiliated with "SAP Threat Modeling" Project. README Source: redrays-io/SAP-Threat-Modeling

Stars

Open Issues

Last Commit

3 weeks ago

Repository

redrays-io/SAP-Threat-Modeling

License

MIT

Homepage

https://redrays.io/threat-modeling-for-sap/

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/sap-threat-modeling"><img src="https://www.opensourceagenda.com/projects/sap-threat-modeling/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022