March-16-2016 Talk at Troopers, Heidelberg “Thanks SAP for the vulnerabilities. Exploiting the unexploitable” by Dmitry Chastuhin
Every month SAP patches about two dozens of vulnerabilities in its solutions. Some of them are critical and receive so-called “Hot news” or “High priority” rating. However, others are considered not so dangerous. Since patching process on a real SAP landscape is time-consuming and costly, the idea to fix only security issues with high CVSS base score seems rather tempting, but, apparently, completely insecure.
At the Troopers, Dmitry Chastukhin, Director of security consulting at ERPScan, will tell and show how by using a chain of minor security holes in different SAP services one can take complete control over an affected system.
Troopers is one of the most significant IT-Security Conferences, where the world’s leading IT-Security experts and Hackers present their latest research, will take place on March 14th – 18th, 2016 in Heidelberg, Germany.
Troopers provides a networking platform for Security-interested people from all over the world and gives an opportunity to experts from the industry, academia and the research community to exchange knowledge and talk about their work. Troopers event is famous for their main interest lying in the area of high-end workshops with hands-on experiences and most importantly real answers and practical benefits from the up-to-date experience.
In 2014, Troopers introduced a special track covering SAP Security.