ERPScan will reveal possibilities of attack and defense in enterprise business application’s at Black Hat training USA’14

Las Vegas, NV – August 2-3, 2014 ERPScan, the most honored ERP Security provider, will take part at the most anticipated info-security event of 2014 – Black Hat USA. Alexander Polyakov – CTO at ERPScan and a father of ERPScan Security Scanner for SAP – with help of his colleague Sergey Belov – Senior Security Auditor at ERPScan – will make ground-shaking training on enterprise business applications security, during their sessions on 2-3 of August.

It is a great honor for us to take part in the most appreciated event from the world of info security. With other leaders of Security-providing companies we will present our unique, not-seen before training on business application security. Some material’s of this training was not even presented in any of infosec conferences. Only latest examples of how to conduct penetration testing for most critical corporate systems like ERP, CRM, BI, SRM and more It is not the first time, when specialists of our ERPScan research team will take part in the Black Hat event. Since 2011 we gave 7 presentations at all BlackHat events (Las Vegas, DC, Europe, Abu Dhabi) with reports on enterprise business applications security talking about about SAP, Oracle and Microsoft and IBM products and even made a two-hours workshop in 2013.

Alexander Polyakov, the Co-founder and CTO of ERPScan

It is not a secret, that nowadays all of the companies’ business processes run on Enterprise Business applications, which are big systems, that store and process all of the companies’ critical data. Any information an attacker – is he a cybercriminal, an industrial spy or a competitor – might want is stored there. Information can include financial, customer or public relations, intellectual property, personally identifiable information and more. Industrial espionage, sabotage and fraud or insider embezzlement may be very effective if targeted at the victim’s Business application system and cause significant damage to the business. There are many types of those applications like ERP’s CRM’s SRM’s ESB’s and others. Some of them store data and some of them like Enterprise Service Bus are for transferring critical data.

Unfortunately there is still very few information about Security of those systems, like how to break them during penetration tests and how to securely configure them. Most of public research was focused on SAP ERP applications but during the sessions of the presented training tutors will also cover other software like Service Buses, CRM, Process Integration, SRM, as well as less discussed SAP solutions such as: SAP HANA, SAP Business Objects and of course products from other vendors such as Oracle Peoplesoft, Oracle EBS, Oracle JD Edwards, MS Dynamics and some of the less popular and custom business applications.

The interest in the security of the enterprise business applications and ERP systems has grown increasingly high in past few years. In 2014 it is not surprising anymore to see not only brief reports or workshops, but also the whole series of trainings and sections on these topics in the most appreciated info-security events in the world. The list of these events includes but not limited to Black Hat, Troopers and Nullcon. Best of all this fact proves the significance of such researches for the modern Enterprises Security.

The training Enterprise Business Application Security: Attack and Defense will take place at Black Hat on Saturday, August 2, 2014 and Sunday, August 3, 2014 at Mandalay Bay, Las Vegas, NV USA. For more information about event and for booking please follow this link

About ERPSCan:
ERPScan is an award-winning company honored as the Most innovative security company by Global Excellence Awards, the leading SAP AG partner in discovering and solving security vulnerabilities by number of reported issues. ERPScan is engaged in the research of ERP and business application security, particularly SAP, and the development of SAP system security monitoring, compliance, and cybercrime prevention software. Besides, the company renders consulting services for secure configuration, development, and implementation of SAP systems, which are used by SAP AG and Fortune 500 companies.