Black Hat Europe 2009 Briefings and Training

April 14-15

SAP (In)Security

Mariano Nuñez Di Croce

Register Now

Overview

How to secure an SAP system? How to perform a security assessment of an SAP system? These are two questions that this course will answer.

SAP security is still an unexplored world for many security professionals. In this course you will learn the different security aspects of this giant, covering from the basics steps to high-profile attacks and defenses. We will cover the full landscape, from the security of the core operating systems and the database servers up to the security at the SAP layer itself: the Transport System, User Management and Administration, Communication Security, Interface Security, Application Security (SAPRouter, Web Dispatcher, ITS, ICM, SNC, SSL), Logs and Auditing, Intrusion Detection.

Through many hands-on exercises, you will learn to use different SAP security products to secure your SAP deployments, as well as novel techniques and tools to perform assessments on these systems.

Even more, we will master you in using sapyto, the opensource SAP Penetration Testing Framework. You will learn how to use it, configure it and extend its functionality developing your own plugins. Furthermore, a special sapyto (Training_Edition) will be used and provided, with many exciting extra features.

Trainer:

Mariano Nuñez Di Croce is a senior security researcher working at CYBSEC, mainly involved in Penetration Testing and Vulnerability Research. In the research field, he has discovered critical vulnerabilities in Microsoft, Oracle and Watchfire products as well as more than 40 vulnerabilities in SAP systems, many of which have been disclosed to the public. Mariano is now leading CYBSEC's SAP Security Team, where he has worked securing and assessing many critical SAP implementations. He is the developer of sapyto, the first SAP Penetration Testing Framework, and has also published white-papers and tools about this subject.

Mariano has been invited to hold presentations and trainings in many international security conferences such as Blackhat, Sec-T, Hack.lu, Ekoparty, DeepSec, CIBSI as well as to host private trainings for Fortune-100 companies and defense contractors. Mariano has a degree in Computer Science Engineering from the UTN and in his free time he enjoys staying away from his computer.

Register Now

Early: Ends Feb 1	Regular: Ends Mar 1	Late: Ends Apr 1	Onsite:
€ 1885	€ 2085	€ 2285	€ 2485