Assessing Business-Critical Systems: Attack & Secure SAP Platforms
77% of the world’s revenue transactions are processed by an SAP application. Even knowing that, organizations still rely only on traditional SAP security methods like Segregation of Duties to secure these critical applications. During this training you’ll have the opportunity to learn how to actually take advantage of misconfigured systems and break into them. First, we’ll put ourselves in the shoes of an attacker who wants to gain access to the most critical systems of any company, its SAP applications. You’ll learn about the types of weaknesses that could affect these systems, potentially going from no access to full access, discovering, assessing, attacking and exploiting them in a guided Capture the Flag style. In parallel, you’ll play the defender’s role, understanding key concepts and learning how to properly protect and secure these applications from the most common and emerging threats attackers are using.
Have you ever considered how critical SAP applications are for your organization? Have you ever wanted visibility into what’s stored in those complex systems that are so critical that no one wants to touch them? Traditionally, most of these applications are out of scope for regular penetration tests. Have you noticed that SAP security patches are usually applied late and sometimes not at all? If so, this course is for you!
During this training we’ll do a deep dive into the “business-critical applications” world of a typical company. You’ll learn the basic concepts needed to understand and test a variety of attacks against these systems and how to secure them.
This course is designed to show you how an attacker could find, assess and exploit these systems. You’ll learn it in a hands-on way, playing the attacker’s role and actually carrying out these attacks to gain some kind of access. Later, you’ll be in the defender’s trench, learning how to secure and protect the systems you previously exploited, in a guided Capture The Flag style activity. Additionally, this will include exercises and live demonstrations.
For Troopers 2020, we have updated and added new topics that are usually leveraged to break into these kinds of systems, together with new exercises!
After completing this training, you will be well equipped to understand the critical risks your SAP platform may be facing and how to assess them. You will also know the best practices to effectively mitigate them, detect incidents and proactively protect your business-critical platforms.
- General knowledge of Information Security;
- Basic knowledge of Networking;
- Previous SAP expertise is welcome but NOT required!
- Laptop with permissions to install software;
- SAP GUI should be installed on the laptop;
- SSH client should be installed on the laptop (such as PuTTY).