Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed? presented at Blackhat Europe 2012

by Mariano Croce,

Tags: Security

Summary : Global Fortune 1000 companies, large governmental organizations and defense entities have something in common: they rely on SAP platforms to run their business-critical processes and information. In this scenario, cyber-criminals looking to perform espionage, sabotage or financial fraud attacks know that these systems are keeping the business crown jewels.
But, how difficult is for them to break into an SAP system today? Are we properly protecting the business information or are we exposed?
Five years ago, we were invited to hold the first public presentation on real-world cyber-threats to SAP systems at BlackHat Europe 2007. Since then, we have performed specialized Penetration Tests against the SAP platforms of several of the largest organizations of the world, enabling us to get an educated answer to those questions.
Join us in this new presentation to learn:
How a cyber-attacker may break into an SAP system, completely anonymously.
Which are the Top-10 technical vulnerabilities found in real-world SAP implementations.
How protected are SAP systems from attacks over the Internet and internal networks.
How feasible it is to detect attacks in real-time and/or forensic investigations.
Which are the most effective measures to secure this business-critical platform.
This presentation will feature live demonstrations of attacks, war stories and statistics from real-world assessments.