TRAINING 9 – Hands-on SAP Hacking and Defense

DURATION: 2 DAYS

CAPACITY: 15 pax


USD2299 (early bird)

USD3299 (normal)

Early bird registration rate ends on the 30th of September


Overview

SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations, such as processing employee payroll and benefits, managing logistics, managing suppliers / customers, material management, releasing payments to providers, credit card processing, business intelligence, etc.

This training provides the latest information on SAP-specific attacks and remediation / protection activities.

This training starts with an introduction to SAP (no previous SAP knowledge is required). Through several hands-on exercises and demos, you will learn how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform. You will be very well equipped to understand the critical risks your SAP platform may be facing and how to assess them and, more importantly, you will know the best practices to effectively mitigate them, proactively protecting your business-critical platform.

Who Should Attend

  • IT security practitioners who wish to understand, learn and/or expand their knowledge of SAP
  • SAP administrators who wish to learn how attackers are actively targeting these platforms and how to prevent it
  • General auditors who wish to learn how to apply their auditing experience to SAP
  • Red teams who wish to expand their portfolio

Key Learning Objectives

Through several hands-on exercises and demos, you will learn how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform. You will be very well equipped to understand the critical risks your SAP platform may be facing and how to assess them and, more importantly, you will know the best practices to effectively mitigate them, proactively protecting your business-critical platform.

Prerequisite Knowledge

No previous SAP knowledge is required. This training starts with a deep introduction to SAP. General cyber-security knowledge is recommended.

Hardware / Software Requirements

Attendees must bring their own laptop, with enough privileges to install software and change their own IP address; the rest of the materials will be provided in class. Required: an SSH client, privileges to install software (the SAP client will be provided) and enough privileges to change the IP address. A modern browser is also required.

Agenda

Day 1

  • Introduction to SAP
  • What SAP security used to be in the past
  • What SAP security is nowadays
  • Introduction to SAP security tools (the open-source way)
  • Securing the SAP Infrastructure
  • SAP Router
  • SAP Web-dispatcher
  • The role of a firewall
  • How to attack and secure: SAP & Windows
  • How to attack and secure: SAP & Unix
  • How to attack and secure: SAP & Oracle
  • How to attack and secure: SAP & HANA
  • Authentication mechanisms
  • User Security
  • Password Policy
  • Authorizations

Day 2

  • Authorizations (continued)
  • SAP Gateway & RFC
  • SAP Message Server
  • SAP Management Console
  • SAP Solution Manager
  • SAP System Landscape Directory
  • ABAP Security
  • SAP Back-doors
  • SAP Updates
  • Encryption
  • SAP ICM

Location:

Date: November 25, 2018

Time: 9:00 am - 6:00 pm

Jordan Santarsieri