Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, May 20 • 09:00 - 17:00
Enterprise Business Application Security: Attack and Defense (Day 2)

Sign up or log in to save this to your schedule and see who's attending!

This training will cover basic and advanced areas of ERP and Business Application security. You will understand the architecture of typical business application systems and how every single component of those systems can be penetrated. Course will include live demo and hands-on exercises covering business applications from vendors such as SAP, Oracle and Microsoft.

Current dependence of big businesses on Enterprise Business applications is greater than ever before. These enormous systems store and process all the companies’ critical data. Any information an attacker might want, be it a cybercriminal, industrial spy or a competitor, is stored here. This information includes financial, customer or public relations, intellectual property, personally identifiable information and more. Industrial espionage, sabotage and insider embezzlement is a reality today, and for an attacker what can be more effective than targeting victim’€™s Business application systems and inflicting severe a damage. These applications may be of different types like ERP, CRM, SRM, XI, BI, ESB and others. Some of them store data and some of them like Enterprise Service Bus are for transferring critical data.
Unfortunately, there exists minimal information about Security of those systems both about how to break them during penetration tests and about how to configure them securely. Most of public research was focused on SAP ERP applications, but we additionally will also cover other software such as Oracle PeopleSoft, Oracle EBS, Oracle JD Edwards, Microsoft Dynamics, etc.

Speakers
DC

Dmitry Chastuhin

Dimitry Chastuhin — Director. Security Consulting at ERPScan Dmitry is a Director of security consulting at ERPScan. He works upon SAP security, particularly upon Web applications and JAVA, HANA and Mobile solutions. He has official acknowledgements from SAP for the vulnerabilities found. Dmitry is also a WEB 2.0 and social network security geek and bug bounty who found several critical bugs in Google, Nokia, Badoo. He is a contributor... Read More →
AT

Alexey Tuyrin

He holds a PHD in computer security. He is a director of Oracle Security department has a tremendous hands-on on experience in penetration testing projects on different business systems like ERPs, Banking software and Virtual infrastructure. Co-author of “SAP Security in figures 2011” research. He is a main developer ERPScan free tools like “ERPScan Pentesting tool” and “ERPScan XXE Scanner. Famous for his groundbreaking research of... Read More →


Wednesday May 20, 2015 09:00 - 17:00
Room D406 Amsterdam RAI

Attendees (1)