I would like to know what are the limitation when you conduct SAP RISE application penetration testing.
If we raise a Customer Penetration Testing Request, would it be sufficient?
There are a couple more things to consider:
- Some testing methods, such as infrastructure-level denial of service testing are prohibited
- You're only permitted to test within the time frames provided from SAP as part of the response to your request
- You need to share the results / aka. report with SAP.
... are and the last time I checked, you are limited to a maximum of tests - last time I think it was 1 test per quarter or something