Do you know where all of your critical company data is stored? Do you know how easily you can be attacked by cybercriminals targeting this data? How can an attacker sabotage or commit espionage against your company with access to just one system? Amidst SCADA, Win 7, and the Cloud, there is a type of critical system no one is talking about: Enterprise Resource Planning (ERP). All that is needed is to gain access to the corporate business application infrastructure, specifically systems such as ERP, Customer Relationship Management (CRM), and Supplier Relationship Management (SRM). If an attacker seeks to gather critical financial, personnel, or other sensitive data, these are the types of systems where it is stored. These systems are often also trusted by and connected to other secure systems, such as banking client workstations and SCADA systems. These days most companies have strong security policies and patch management for standard networks and operating systems, but these rarely exist or are in place for ERP-type systems. An attacker can bypass all of a company's investments in security by attacking an ERP system. We will show examples of different business applications, including custom ones as well as the more popular ones, and previously unknown vulnerabilities that can be exploited to gain unauthorized access to critical business data. Many of these types of vulnerabilities cannot be easily patched because they are design flaws or business logic problems requiring a redesign of the system.