Patch me if you can

March 16, 2016 (at 10:30 a.m.) in SAP Security

This talk discusses a number of severe security issues in SAP's patch process discovered in a joint research project by Muenster University of applied sciences and Virtual Forge GmbH.

Damian Poddebniak

Damian Poddebniak received his Bachelor's degree (B. Sc.) from Muenster University of applied sciences in 2011. He is employed as a research assistant engaged in IT-security topics at the same university. For the time being, he is pursuing a Master's degree (M. Sc.) and aims to finish his educational career with a Ph.D. on IT-security and cryptography.

Sebastian Schinzel

Sebastian is a professor for IT security at Muenster University of applied sciences, where he leads the IT security group. His research interests are system security, vulnerability research, and applied cryptography, and he enjoys transferring knowledge from academia to industry and vice versa. Furthermore, he is CTO of CycleSEC GmbH, a Muenster-based security consulting company.

Andreas Wiegenstein

Andreas Wiegenstein has been working as a professional SAP security consultant since 2003. He performed numerous SAP security audits and received credit for more than 80 SAP security patches related to vulnerabilities he discovered in various SAP products. As CTO at Virtual Forge GmbH he leads Research & Innovation, a team focusing on SAP-specific security research and new security solutions. Andreas has trained large companies and defense organizations on SAP security and has spoken at multiple SAP-specific conferences (like TechEd, DSAG, BIZEC and SAPience) as well as at general security conferences such as Troopers, Black Hat, HITB, IT Defense, DeepSec and RSA. He researched the ABAP Top 20 Risks published by the German Federal Office for Information Security (BSI) and is co-author of the first book on ABAP security (SAP Press 2009). He is also a member of the Business Security Community.