OWASP AppSec Europe 2015

This training will cover basic and advanced areas of ERP and Business Application security. You will understand the architecture of typical business application systems and how every single component of those systems can be penetrated. Course will include live demo and hands-on exercises covering business applications from vendors such as SAP, Oracle and Microsoft.

Current dependence of big businesses on Enterprise Business applications is greater than ever before. These enormous systems store and process all the companies’ critical data. Any information an attacker might want, be it a cybercriminal, industrial spy or a competitor, is stored here. This information includes financial, customer or public relations, intellectual property, personally identifiable information and more. Industrial espionage, sabotage and insider embezzlement is a reality today, and for an attacker what can be more effective than targeting victim’€™s Business application systems and inflicting severe a damage. These applications may be of different types like ERP, CRM, SRM, XI, BI, ESB and others. Some of them store data and some of them like Enterprise Service Bus are for transferring critical data.
Unfortunately, there exists minimal information about Security of those systems both about how to break them during penetration tests and about how to configure them securely. Most of public research was focused on SAP ERP applications, but we additionally will also cover other software such as Oracle PeopleSoft, Oracle EBS, Oracle JD Edwards, Microsoft Dynamics, etc.