Alexander Polyakov

Workshop Title

Practical SAP Security in Cyber-era

Abstract

This workshop will be focused on basics and advanced areas of technical aspects of SAP security. Understanding the architecture of typical SAP system and focuses on every component that can be attacked with live demo and hands-on exercises Covering areas such as SAP Gateway, Message server, RFC security, ITS, ABAP code vulnerabilities, JAVA-engine attacks, Authorizations, Database security, SAPGUI security and many others will be described.

Who should attend?

• CSOs who want to know more about SAP security
• Security auditors/Pentesters
• BASIS Administrators
• SAP Consultants

Speaker Bio

The father of ERPScan Security Monitoring Suite for SAP. Organizer of ZeroNights, a deeply technical security conference. His expertise covers the security of enterprise business-critical software like ERP, CRM, SRM, banking and processing software. He is the manager of EAS-SEC, a well-known expert on the security of enterprise applications developed by such vendors as SAP and Oracle. He has published a significant number of vulnerabilities and frequently receives acknowledgements from SAP. He is the author of multiple whitepapers and surveys devoted to information security research in SAP, for example, the award-winning "SAP Security in Figures". Alexander was invited to speak and train at international conferences such as BlackHat, RSA, HITB, and 35 others around the globe as well as at internal workshops for SAP and Fortune 500 companies.