BIZEC SAP Security Workshop

March 17, 2015 (at 9 a.m.)

The 4th BIZEC workshop will focus on SAP Attacks, Defenses & Forensics.

Participants will be challenged to spot weaknesses in the defense setup of our demo systems. This challenge will take place in the spirit of a "Capture The Flag" (CTF) competition. Because not all participants have a deep technical understanding, the CTF activities will be guided. Once the participants are able to penetrate the defenses, we will discuss countermeasures and analyze to what degree the attacks are detectable by SAP standard logging and monitoring. The technological basis will be AS ABAP as well as HANA.

Participants need to bring their own laptop (SAP GUI installation required)!

Here is our current agenda, packed with first-class expert know-how:

SAP® Security 2015 – Attack, Defense & Forensics

Time Title

Welcome & Introduction to BIZEC and its mission

CTF challenge number 1 (AS ABAP)

CTF challenge number 2 (HANA)


CTF challenge number 3 (AS ABAP)

CTF challenge number 4 (AS ABAP - Backdoors)


Open Discussion with all presenting BIZEC partners (akquinet, axl&trax, CSI-Tools, ERP SEC, Onapsis, Virtual Forge) on the CTF outcome as well as “How to Fix” strategies / Demos


"Who can really do what in SAP ECC?" - Detecting role anomalies and wrong audit reports

"Willing to make a change in SAP ECC?" - Exploring audit trails and logs in SAP

Final discussion round with all presenting BIZEC partners & feedback

BIZEC workshop ends. Transfer to Networking Dinner.

Networking Dinner (open end)