Offline Security - SAP Security Tools for rapid SAP Security assessment

Offline Security Client

The Offline Security Client is the core component of the Offline Security Toolset. It is a lightweight Python-based application that can be installed on any laptop (Windows, Linux, or macOS) with a single command. No installation on SAP ABAP systems is required, and no special user roles or privileges are needed in the target SAP systems.

To use the tool, you simply export a set of SAP data (tables) manually using your existing user. This gives you full control, transparency, and understanding of what information is collected. All data is processed locally on your machine, where the tool pseudonymizes sensitive information such as system names, user names, and role names.

The Offline Security Client is fully open source, so you can review the code and verify exactly what information stays on your device and what is transferred. Once pseudonymized, the processed data is uploaded to the Offline Security Server (offlinesec.com). Within seconds, the platform generates an Excel report containing the full analysis. This report can be easily shared with colleagues and uploaded to Google Drive.

The generated report includes:

Identified vulnerabilities
Misconfigurations
Insecure RFC/ICF connections
Charts, statistics, detailed tables, and references to additional resources

All documentation is publicly available on GitHub. Download it, try it out, and verify the process end-to-end. We do not collect company names, emails, names, vulnerabilities, or any sensitive security information. For security reasons, the report can be downloaded only once.

Our database is updated regularly with the latest SAP Security Notes, new versions of SAP security baselines, and current best practices.

Features:

No ABAP Installation Required

Install a small, platform-independent client on your laptop with a single Python command. Nothing needs to be deployed in the SAP system.

Fast setup

No SAP roles, technical users, or elevated privileges required. Follow the documentation and get your first security report in under 5 minutes.

Data Pseudonymization

All sensitive information stays local. Only pseudonymized metadata is sent to the analysis server.

Wide Use-Case Coverage

Support for SAP Security Notes checks, compliance baselines (DSAG, best practices), RFC and ICF configuration checks, and more.

Customization

Define your own rules and standards or choose from predefined rule sets.

Progress Tracking & Visualization

Run the tool regularly to monitor your security posture over time—track how quickly notes are implemented and how configuration issues evolve month to month.

Learn more about Offline Security Client

Offline Security Connector

The Offline Security Connector is an optional module that extends the Offline Security Client into a classical application with an RFC connector—still without requiring any installation on SAP ABAP systems.

The connector is built on the pyRFC library and supports:

SSO/SNC authentication
User/password authentication

Instead of manually exporting data from SAP, the Offline Security Connector allows you to collect all required information with a single command. This automates the entire data-gathering process for the Offline Security Client.

All authentication data and sensitive information are stored locally on your laptop in a secure format, and can be easily reused whenever needed. Nothing confidential is transmitted or stored outside your environment.

Learn more about Offline Security Connector

Offline Security Alerting

The Offline Security Alerting module is an optional extension that enables seamless integration of the Offline Security Toolset with SIEM platforms and other monitoring systems. It provides automated notifications and real-time security insights based on your Offline Security reports.

Use Cases:

Forward current vulnerability data Automatically send all vulnerability and misconfiguration details from the latest reports to your SIEM system
Notify about newly discovered vulnerabilities Receive alerts whenever new issues are identified, enabling faster response and improved security posture

Offline Security Knowledge Base

The Offline Security Knowledge Base module provides powerful customization capabilities for the entire Offline Security Toolset. It allows you to adapt checks, standards, and rules to match your organization’s specific security requirements.

Use Cases

Baseline & Compliance Checks. Define your own security baselines and create custom rules or checks that reflect your internal policies and best practices.
Critical Role Identification. Configure personalized rules to identify critical or sensitive user roles based on your organization’s criteria.

Learn more about Offline Security Knowledge Base

Technical Support

Offline Security Toolset is available free of charge. However, if you require a higher level of reliability, faster response times, or direct assistance from our specialists, you can purchase a technical support subscription.

We offer several support tiers to match different needs: