Paris, France - June 23-27, 2014 Once again ERPScan research team and its head Alex Polyakov made one more astonishing training on Enterprise Business Application Security Attack And Defense. This time on "Hack in Paris" conference, which took place on 23-27 of June 2014 in Disneyland, Paris, France.
Today all the companies business lays on Enterprise Business applications, big systems that store and process all the companies critical data. Any information an attacker might want, be it a cybercriminal, industrial spy or competitor, is stored here. This information can include financial, customer or public relations, intellectual property, personally identifiable information and more. Industrial espionage, sabotage and fraud or insider embezzlement may be very effective if targeted at the victim's Business application system and cause significant damage to the business. There are many types of those applications like ERPs, CRMs, SRMs, ESBs, and others. Some of them store data and some of them like Enterprise Service Bus is for transferring critical data. Unfortunately, there is still very low information about Security of those systems like how to break them during penetration tests and how to securely configure them. Most of public research was focused on SAP ERP applications but here we will cover also other software like Service Buses, CRM, Process Integration, SRM, and also software from other vendors like: Oracle PeopleSoft, Oracle EBS, Oracle JD Edwards, MS Dynamics, MS Biztalk and some of the less popular and custom business applications.