Unbreakable Oracle ERPs? Attacks on Siebel & JD Edwards presented at AppSecUSA 2012

by Juan Perez-Etchegoyen, Jordan Santarsieri

Summary: "Siebel and JDE platforms are a core part of our global business-critical infrastructure. Our credit card numbers, bills, personal information and consuming habits; top-tier companies' business processes and their most confidential information. It's all in there.
Despite their criticality, there is still today very scarce public information on how attackers may try to break into these systems and what we can do to stop them, placing the bad guys in a very powerful position. The Auditing and InfoSec industries have been traditionally focused only on enforcing segregation of duties controls, and that's not enough anymore.
Join us in this new presentation to understand, through several live demos, how intruders can remotely execute code, steal user passwords and manipulate proprietary technologies to perform espionage, sabotage and fraud attacks, without having a valid user in the systems. Furthermore, you will see how these attacks may be performed over the Internet.
Learn how to mitigate these risks, starting by learning how to assess them in your company using the new version of Bizploit, the open-source ERP Penetration Testing framework, to be released after the talk."