Las Vegas, NV - July 31, 2013 The researchers from ERPScan participated in the BlackHat conference for the third time. This time, ERPScan got two slots: a briefing and a workshop. The presentations were the first talks of the first day in the agenda, right after the keynote.
There are no invulnerable systems. The business applications, on which the activities of large companies directly depend, are no exception. ERP, CRM, SRM, ESB systems store and process financial and personal data as well as information about projects, social endeavors, interactions with customers and press. And they are a juicy target for attackers – cybercriminals and industrial spies alike.
Dmitry Chastukhin, the director of SAP pentesting in ERPScan, showed a presentation called "With BIG DATA comes BIG responsibility: Practical exploiting of MDX injections". The talk was dedicated to Big Data systems, which are widely used to process huge amounts of non-structured data and gather lots of hype in media. Dmitry will present the first ever research of the practical attacks against such systems.
In modern business intelligence systems, almost all Big Data systems use the query language called MDX. Dmitry described MDX in detail, including its features and nuances. He also showed a range of attacks based on MDX injections.
Alexander Polyakov and Alexey Tyurin presented the new version of ERPScan Pentesting Tool, which is free and open for download for everybody who want to simplify the process of pentesting ERP systems.
Black Hat is the most technical and relevant global information security event series in the world. For more than 16 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.