
SAP Backdoors: A ghost at the heart of your business

Type: Paper
Tags: SAP
Authors: Mariano Nunez Di Croce
Event: Black Hat USA 2010
Indexed on: Mar 27, 2013
URL: https://media.blackhat.com/bh-us-10/whitepapers/Di_Croce/BlackHat-USA-2010-Di-Croce-SAP-Backdoors-wp.pdf
File name: BlackHat-USA-2010-Di-Croce-SAP-Backdoors-wp.pdf
File size: 314.2 KB
MD5: 7912c76f42cffd26f6e292809e6fb5eb
SHA1: 70e2350d36c541fd4b846f3f828a45d4e013aba2

In any company, the ERP (Enterprise Resource Planning) system is the heart of the business technology platform. These systems handle the key business processes of the organization, such as procurement, invoicing, human resources management, billing, stock management and financial planning. Among all the ERPs, SAP is by far the most widely deployed one, having more than 90,000 customers in more than 120 countries and running in Fortune 100 companies, governmental and defense organizations. The information stored in these systems is of absolute importance to the company, and its unauthorized manipulation would result in big economic losses and loss of reputation. This talk will present an old concept applied to a new paradigm: SAP Backdoors. We will discuss different novel techniques that can be deployed by malicious intruders in order to create and install backdoors in SAP systems, allowing them to retain access or install malicious components that would result in imperceptible-and-ongoing financial frauds. After the description of these techniques, we will present the countermeasures that should be applied in order to avoid these attacks and protect the business information, effectively reducing financial fraud risks and enforcing compliance. Furthermore, we will release a new free Onapsis tool that will help security managers automatically detect unauthorized modifications to SAP systems. Is your SAP backdoored? If your answer is "I don’t know," you may consider attending this talk.
