RSS feed logo header graphic

Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 2-3, August 4-5

SAP (In)Security

Mariano Nuñez Di Croce, CYBSEC

registration button


How to secure an SAP system? How to perform a security assessment of an SAP system? These are the two questions that this course tries to answer.

SAP security is still an unexplored world for many security professionals. In this course you will learn the different security aspects of this giant, covering from the basics steps to the high-profile attacks and defenses. We will cover the full landscape, from the security of the operating system and the database server up to the security at the SAP layer: Transport System, User Management and Administration, Communication Security, Interface Security, Application Security (SAPRouter, Web Dispatcher, ITS, ICM, SNC, SSL), Logs and Auditing, Intrusion Detection.

Through many hands-on exercises, you will learn to use different SAP security products to secure your SAP deployments, as well as novel techniques and tools to perform assessments on these systems.

Even more, we will master you in using sapyto, the open-source framework for performing SAP penetration-tests. You will learn how to use it, configure it and extend its functionality developing your own plugins.


Mariano Mariano has been working as a security consultant at CYBSEC for the last 4 years, mainly involved in Penetration Testing and Vulnerability Research. In the first field, he has carried out assessments of critical national and international, private and public systems. As for research, Mariano has discovered vulnerabilities in Microsoft, SAP, Oracle, Watchfire and several security products. Mariano is the developer of sapyto, the first public framework for performing pen-tests over SAP systems. Mariano is about to graduate in Computer Science Engineering in the Universidad Tecnologica Nacional (U.T.N).

Mariano has spoken and hold trainings many (more than 15) international security conferences and seminars in Argentina, Paraguay, Chile, Panama, Cuba, Netherlands (Blackhat), Luxembourg ( and Austria (Deepsec).

Regarding SAP security, Mariano has worked securing and assessing many SAP installations. In the research field, he has discovered more than 35 vulnerabilities in SAP systems, many of which have been disclosed to the public. He has also published papers and tools about this subject.

registration button

Ends May 1

Ends July 1

Ends July 31

Begins August 1

$2000 USD

$2200 USD

$2400 USD

$2700 USD
1997-2009 Black Hat ™