Hands-on SAP Hacking and Defense Workshop
SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations, such as processing employee payroll and benefits, managing logistics, managing suppliers / customers, material management, releasing payments to providers, credit card processing, business intelligence, etc.
This training provides the latest information on SAP-specific attacks and remediation / protection activities.
This training starts with an introduction to SAP (no previous SAP knowledge is required). Through several hands-on exercises and demos, you will learn how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform. You will be very well equipped to understand the critical risks your SAP platform may be facing and how to assess them and, more importantly, you will know the best practices to effectively mitigate them, proactively protecting your business-critical platform.
We take pride in creating the most comprehensive SAP security agenda:
Day 1
- Introduction to SAP
- What SAP security used to be in the past
- What SAP security is nowadays
- Introduction to SAP security tools (the open-source way)
- Securing the SAP Infrastructure
- SAP Router
- SAP Web-dispatcher
- The role of a firewall
- How to attack and secure: SAP & Windows
- How to attack and secure: SAP & Unix
- How to attack and secure: SAP & Oracle
- How to attack and secure: SAP & HANA
- Authentication mechanisms
- User Security
- Password Policy
- Authorizations
- SAP Gateway & RFC
- SAP Message Server
- SAP Management Console
Day 2
- SAP Solution Manager
- SAP System Landscape Directory
- ABAP Security
- SAP Back-doors
- SAP Updates
- Encryption
- SAP ICM (Continued)
- SAP J2EE
- Understanding the J2EE Framework
- Different SAP Web J2EE Applications
- J2EE Authentication Mechanisms
- SAP JCO
- SAP Security Audit Trail
- How to react in case of an SAP Intrusion
- SAP Lab – Packet wars! (Game subject to time constraints)