Description: Slides:
https://deepsec.net/docs/Slides/DeepSec_2010_Attacking_SAP_Users_with_sapsploit_extended.pdf
https://deepsec.net/docs/Slides/DeepSec_2010_Attacking_SAP_users_with_sapsploit_eXtended5.pdf

Alexander Polyakov, Digital Security

Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security, as these applications store business data and any vulnerability in them will cause significant monetary loss. Nowadays the SAP platform is the most widespread platform used for enterprise system management and the most critical data storage. Nonetheless, people still do not give much attention to the technical side of SAP security. As for SAP server security, you can get information from Mariano's presentations at BlackHat 2007 and BlackHat 2009 and see how insecure SAP servers are. But what if we find that the SAP server is fully hardened? Usually, when it is hard to attack a server, we try to attack a client, because in real companies there are thousands of user workstations that use SAP and they are less secure. SAP security is becoming a popular topic, and client-side security of ERP systems is not well described on the Internet, so the methodology and tools for assessing SAP frontend security must be known to the security community.

Alexander Polyakov is the CTO of The Digital Security Company. His expertise covers enterprise applications and database security. He has found a lot of vulnerabilities in the products of such vendors as SAP and Oracle, and has carried out a lot of projects focused on special application security in the oil and gas, retail and banking spheres. He is the author of a book titled "Oracle Security from the Eye of the Auditor. Attack and Defense" (in Russian). He is also the head of Digital Security Research Group (dsecrg.com), an Expert Council member of the PCIDSS.RU association, and a QSA and PA-QSA auditor.
Tags: securitytube, Confidence, hacking, hackers, information security, convention, computer security, deepsec-10, deepsec-2010