Las Vegas, NV - August 3, 2014 Alexander Polyakov, CTO at ERPScan, and Sergey Belov, Senior Security Auditor at ERPScan, conducted a training titled "Enterprise Business Application Security: Attack and Defense".
It is not a secret, that nowadays all of the companies' business processes run on Enterprise Business applications, which are big systems that store and process all of the companies' critical data. Any information an attacker - be he a cybercriminal, an industrial spy or a competitor - might want is stored there. Information can include financial, customer or public relations, intellectual property, personally identifiable information and more. Industrial espionage, sabotage and fraud or insider embezzlement may be very effective if targeted the victim's Business application system and cause significant damage to the business. There are many types of those applications like ERPs, CRMs, SRMs, ESBs, and others. Some of them store data and some of them like Enterprise Service Bus are for transferring critical information.
Unfortunately, there is still very low information about Security of those systems, like how to break them during penetration tests and how to securely configure them. Most of public research was focused on SAP ERP applications but during the sessions of the presented training tutors will also cover other software like Service Buses, CRM, Process Integration, SRM, as well as software from other vendors like: SAP HANA, SAP Business Objects, Oracle PeopleSoft, Oracle EBS, Oracle JD Edwards, MS Dynamics and some of the less popular and custom business applications.
The training Enterprise Business Application Security: Attack and Defense took place at Black Hat on Saturday, August 2, 2014, and Sunday, August 3, 2014, at Mandalay Bay, Las Vegas, NV USA.