Palo Alto, CA - September 11, 2012 Alexander Polyakov, CTO of ERPScan, conducted the training titled "Enterprise Business Application Security: Attack and Defense".
Today all the companies' business relies on Enterprise Business applications. They are big systems that store and process all the critical data. Any information an attacker might want, be it a cybercriminal, industrial spy or competitor, is stored here. This information includes financial, customer or public relations, intellectual property, personally identifiable information and more. Industrial espionage, sabotage and fraud or insider embezzlement may be very effective if targeted at the victim's business application system and cause significant damage to the business. There are many types of those applications like ERPs, CRMs, SRMs, ESBs, and others. Some of them store data and some of them, like Enterprise Service Bus, is for transferring critical data.
Unfortunately, there is still a little information about Security of those systems like how to break them during penetration tests and how to securely configure them. Most of public research was focused on SAP ERP applications but here we covered other software like Service Buses, CRM, Process Integration, SRM, and software from other vendors like Oracle Peoplesoft, Oracle EBS, Oracle JD Edwards, MS Dynamics, MS Biztalk and some of the less popular and custom business applications.
Black Hat is the most technical and relevant global information security event series in the world. For more than 16 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.