Attacking SAP Users Using sapsploit extended
Powered by iSpeech
Alexander Polyakov explains how to attack SAP with sapsploit: „Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security as these applications store business data and any vulnerability in these applications will cause a significant monetary loss. Nowadays SAP platform is the most widespread platform used for enterprise system management and the most critical data storage. Nonetheless people still do not give much attention to the technical side of SAP security. As for SAP server security there you can get information from Mariano presentations on BlackHat 2007 and Blackhat 2009 and you can see how insecure SAP servers. But what if we found out SAP server fully hardened? Usually when it is hard to attack a server we try to attack a client because in real companies there are thousands of user workstations that use SAP and they are less secure. SAP security is becoming a popular topic and clientside security of ERP systems is not well described in Internet So methodology and tools for assessing SAP frontend security must be known for security community. “
The talk was held at the DeepSec 2010 conference.
source
Gloss