Some notes on SAP security

March 11, 2010 (at 11:30 a.m.) in Defense & Management

Enterprise application security is one of the most important topics in computer security, as the corporate environment has become more secure. As a result, attack vectors are shifting from the OS down to the applications. Mostly this concerns enterprise business applications like ERP, CRM, SRM and others, because these are the applications that store business data, and any vulnerability in them will cause real monetary loss.

SAP has many security problems at all levels: network, OS, database and application. This talk will cover common and some uncommon vulnerabilities at all these levels, backed up with real-world examples.

Among the more uncommon vulnerabilities is SAP client-side exploitation. This talk will describe different ways to attack SAP clients and demonstrate how you can get access to the whole SAP environment just by exploiting a client-side vulnerability.

Alexander Polyakov

Founder of ERPScan, President of the EAS-SEC.org project, accomplished R&D professional and Entrepreneur of the Year. He is an expert in security for business-critical software like ERP, CRM, SRM and industry-specific solutions. He has received due recognition, having published over 100 vulnerabilities as well as multiple whitepapers, such as the annual award-winning "SAP Security in Figures", surveys and a book devoted to information security research in SAP and Oracle. He has presented at more than 50 conferences in 20+ countries on all continents and held training sessions for the CISOs of Fortune 2000 companies, including SAP SE.