ERPScan researchers took part in the Brucon conference and held a meeting with SAP.
Brussels, Belgium – October, 2011 ERPScan specialists took part in the Brucon conference, which was held on September 19-20 in Brussels (Belgium). They presented an updated talk devoted to program and architecture vulnerabilities in the J2EE engine of the SAP NetWeaver platform. The talk presented two new vulnerabilities, which allow unauthorized disclosure of user names in the system and scanning of a company's internal network via servers that are reachable from the Internet.
After the conference, a meeting was held with the SAP Security Response Team on cooperation in finding and remediating vulnerabilities. Closer cooperation between ERPScan specialists and the development team and Response Team at the stages of vulnerability closure and patch testing will make it possible to reduce the time needed to publish critical updates.
Slides from the Brucon presentation are available on our website in the presentations section.