This workshop will introduce you to SAP security, known vulnerabilities of SAP solutions, possible exploits and remediation techniques. It will also include live demonstrations on hacking into SAP systems. The workshop will be held by recognized SAP security experts from members of BIZEC. It will be a unique learning experience, offering deep practical insights into the latest on SAP security.

Target Audience:

  • IT managers
  • IT security managers
  • IT auditors
  • SAP system administrators & developers

 

Detailed Agenda: March 20, 2012, 9:00 a.m. – 4:30 p.m.

9:00      Why hackers aim at SAP® applications … and what to do about it

9:15       Trends in SAP security

9:45       Real-world cyber-threats to SAP systems

  • Critical attack vectors evil hackers may exploit
  • BIZEC TEC/11 – Common technical misconfigurations and vulnerabilities
  • Recommended mitigation measures

10:45     Coffee Break

11:00     Five years of ABAP Code Reviews – A retrospective

  • Typical attack surfaces of ABAP applications
  • BIZEC APP/11 -  Examples of common critical security defects in ABAP applications
  • Lessons learned for the developer, QA team and the C-level

12:00     Lunch Break

13:30     SAP Solution Manager from the hackers point of view

  • Single point of control for SAP landscapes
  • War Story: The SAP Solution Manager that we didn’t know
  • Hardening your SAP Solution Manager

14:30     Live demonstration of vulnerabilities in your SAP systems

Coffee Break (whenever convenient)

16:00     The way ahead: SAP security, BIZEC and the next steps

 

About BIZEC:

The business application security initiative (BIZEC.org) is a non-profit organization that focuses on security defects in business applications. You will find more information about BIZEC and information on how to become a member here: www.bizec.org

This workshop brings renowned experts in the field of SAP security to TROOPERS12. We are looking forward to an unique learning experience with you!

The ERNW / TROOPERS Team