Ede, Netherlands – June 18, 2015 Dmitry Chastuhin, Director of security consulting at ERPScan, presented a report on the latest SAP security trends at the Black Hat Sessions conference in the Netherlands. It covers multiple problems related to encryption algorithms and static keys used by SAP in their products.
The world of SAP deployments continues to evolve and certainly one of the big additions is the deployment of SAP HANA. This talk reviewed the current SAP security landscape, what attacks are currently prevalent and which ones are possible. The talk took a deeper look specifically at HANA and SAP Mobile Applications as an attractive target for attackers that currently has had little security review. The talk covered both potential attacks and defences as well as forensic methods possible after an incident.