Worldwide hundreds of thousands of companies of all sizes and industries are depending on SAP solutions to run their business, making SAP security a highly critical topic. Security breaches may directly impact business and reputation, resulting in financial loss, business disruptions, and bad press.
In this workshop, recognized SAP security experts from BIZEC will provide in-depth insights into best practices on protecting SAP systems. The workshop will start with live demonstrations on hacking SAP systems in order to raise awareness. But most importantly, the workshop will outline how to implement appropriate countermeasures. It will be a unique learning experience, based on the latest in SAP security.
09:00 – 09:15 | Welcome & Introduction To BIZEC And SAP Security: Industrial Espionage, Data Theft, And System Manipulation – Why SAP Security Matters And What We Can Learn From Leaked IT Security Incidents
09:15 – 09:45 | Security Engineering – Security and Privacy by Design | (Prof. Dr. Michael Waidner, Technische Universität Darmstadt / Fraunhofer Institute for Secure Information Technology SIT)
09:45 – 10:45 | Hacking SAP Systems – Live Demonstrations Of Real-World Security Threats To Your SAP Systems | (Mariano Nunez and Juan Perez-Etchegoyen, Onapsis; Ralf Kempf, akquinet; Andreas Wiegenstein and Xu Jia, Virtual Forge)
Exploiting Critical Attack Vectors To Gain Control Of SAP Systems: Attacking SAP Java Systems By Exploiting SAP Portal Authentication, Verb Tampering, And P4 Interface Vulnerabilities Taking Advantage Of Common Technical Misconfigurations And Vulnerabilities: Injecting Invisible Backdoors And Sniffing Out Passwords The Underestimated Risk: Exploiting Critical Security Defects In The ABAPTM Code Of Your SAP Applications
Break Coffee Break & Time To Meet The Experts
11:15 – 12:15 | SAP Runs SAP – Remote Function Call: Gateway Hacking and Defense | (Björn Brencher, SAP)
Break Lunch Break & Time to Meet The Experts
13:45 – 15:15 | Protecting Your SAP Systems From Real-World Security Threats | (Mariano Nunez and Juan Perez-Etchegoyen, Onapsis; Ralf Kempf, akquinet; Andreas Wiegenstein and Xu Jia, Virtual Forge)
A Holistic View On SAP Security: Why Securing Your Production Systems Is Not Enough Recommended Technical And Organizational Mitigation Measures: How To Minimize Risks And Implement Required SAP Security Patches In Time State-Of-The-Art Protection for Your SAP Systems: Why Development Guidelines And Code Analysis Matters
Break Coffee Break & Time To Meet The Experts
15:45 – 16:30 | SAP Security At Opel / Vauxhall – An Integrated Approach | (Markus Seibel, Adam Opel AG)
16:30 | Wrap-Up: BIZEC, SAP Security & The Way Ahead
The business application security initiative (BIZEC.org) is a non-profit organization that focuses on security defects in business applications. You will find more information about BIZEC and information on how to become a member here: www.bizec.org
This workshop brings renowned experts in the field of SAP security to TROOPERS13. We are looking forward to an unique learning experience with you!