HITBSECCONF2010 - DUBAI IS OVER!
THANK YOU TO ALL THE SPEAKERS AND ATTENDEES WHO MADE IT OVER TO JOIN US!

CONFERENCE MATERIALS
CONFEENCE PHOTOS

Mariano Nunez Di Croce (Director of R&D, Onapsis)

Presentation Title SAP Penetration Testing with Bizploit
Presentation Abstract

Have you ever wondered whether your business-critical SAP implementation is secure? Do you know how to check it? Have you imagined the impact of an attack to your core business platform? Do you know how to prevent it? This presentation will show you some guidelines on how to answer these questions.

While the security assessment of many systems and applications has reached a “mature” state of the art, supported by loads of white- papers and public information, the practical information on how to perform technical security assessments of SAP systems is still sorely lacking.

This presentation will show you some of the activities involved in an SAP Penetration Test. You will learn not only which critical flaws could render your system vulnerable to external attacks but also how to protect from them. Through lots of live demos you will see many attack and defense techniques, using the new open source ERP Penetration Testing framework which will be released at the conference: Onapsis Bizploit.

About Mariano Nunez Di Croce

Mariano Nunez Di Croce is the Director of Research and Development at Onapsis. Mariano has a long experience as a Senior Security Consultant, mainly involved in security assessments and vulnerability research. He has discovered critical vulnerabilities in SAP, Microsoft, Oracle and IBM applications.

Mariano leads the SAP Security Team at Onapsis, where he works hardening and assessing the security of critical SAP implementations in world-wide organizations. He is the author and developer of the first open-source SAP Penetration Testing Framework and has discovered more than 50 vulnerabilities in SAP applications. Mariano is also the lead author of the “SAP Security In-Depth” publication.

Mariano has been invited to hold presentations and trainings in many international security conferences such as Blackhat USA/EU, DeepSec, Sec-T, Hack.lu, Seacure.it, Ekoparty, CIBSI as well as to host private trainings for Fortune-100 companies and defense contractors. Mariano has a degree in Computer Science Engineering from the UTN.