ERPScan has been invited to the BlackHat event to show the latest findings in business application security. We will present the talk “SSRF vs. Business-critical applications” by Alexander Polyakov and Dmitry Chastukhin. In this presentation, they are going to describe a new architectural vulnerability found in J2EE virtual machine, which especially targets SAP applications and allows bypassing a lot of SAP security restrictions even in secure landscapes. Don’t miss a chance to visit this presentation at 5:00 PM on July 26 in the Palace I room.
ERPScan are also glad to invite you to visit our booth (platform #4, near the OWASP). We will demonstrate our new version of ERPScan Security Scanner for SAP, an innovative product for continuous monitoring, standard compliance and vulnerability assessment of the SAP platform. The system enables conducting complex security assessments while scanning SAP servers for software vulnerabilities, misconfigurations, segregation of duties (SoD) conflicts, ABAP source code issues and backdoors and performs assessments for compliance to current standards and best practices including ones from the vendor.