Assessing and testing the security of an ERP environment is a challenging venture. Because of that and due the overall complexity and the business significance, ERP security should be designed with a holistic approach, focusing on some specific components could result in interesting findings.