The German Chapter of the Open Worldwide Application Security Project (OWASP) is once again organizing its national conference this year. On November 12 and 13, a variety of seminars, talks and evening events await all interested participants in Leipzig - all with the aim of sharing knowledge and experience.
The main event day on November 13, 2024 in particular offers a wide range of technical and non-technical presentations on the topic of application security. Experts from usd will also be speaking on the topic: "SAP from an Attacker's Perspective – Common Vulnerabilities and Pitfalls".
Nicolas Schickert and Ole Wagner, pentesters at usd HeroLab, regularly conduct pentests of SAP systems and are aware of the special aspects, required expertise and pitfalls that are important when analyzing SAP infrastructures. They would therefore like to share their findings from a large number of tests with the community.
"The security of SAP systems is an increasing challenge for companies. Our presentation will highlight common vulnerabilities and attack vectors in SAP systems from an attacker's perspective and offer practical advice on how to mitigate these threats. Using examples and tools such as our sncscan, we want to show administrators and other security experts how they can evaluate encryption and signing settings of SAP systems to ensure the confidentiality and integrity of sensitive data."
Nicolas Schickert, usd HeroLab
In view of the important role of the German OWASP Day for the exchange between security experts, usd AG also supports the event as a sponsor.
About OWASP:
The Open Worldwide Application Security Project (OWASP) is a non-profit organization with the aim of improving the security of applications, services and software in general. By creating transparency, end users and organizations should be able to make informed decisions about real security risks in software.
Therefore, OWASP helps build impactful projects, develops and nurtures communities through events and chapter meetings worldwide, and provides publications and resources to enable developers to write better software and empower security professionals to make software more secure.
Update 14 November 2024: Recording available
For anyone who could not participate in Leipzig, the Chaos Computer Club streamed all sessions and made the recording of our talk available here: https://media.ccc.de/v/god2024-56278-sap-from-an-attackers-pers