October-12-2012 Presentation at Hacktivity, Budapest “Top 10 most interesting SAP vulnerabilities and attacks” by Alexander Polyakov
Budapest, Hungary – October 12, 2012. ERPScan CTO Alexander Polyakov spoke at one of the biggest European conferences, Hacktivity.
His speech was dedicated to the most interesting vulnerabilities in SAP. Thanks to the ERPScan team, Invoker Servlet, Verb Tampering and other security issues of the largest ERP system in the world have now amazed Eastern Europe as well.
I am glad to note that over 1000 people have attended the event. The presentations have been a pleasant surprise too: there were some cheesy topics but a couple of presentations were really interesting and deeply technical. I especially liked the speech where the researcher showed a mechanism which automatically attacked a banking application using the currency rounding vulnerability (a widely known issue that we frequently find in remote banking systems). The mechanism was necessary to emulate taps on the pin-pad while a mini-camera read and digitized one-time passwords, which were then entered into the app. As a result, the device generated about 100 euros a day, so this attack has become an actual way to earn money rather than a theoretical vector with a small risk.