We are happy to announce that Alexander Polyakov, Head of ERPScan, will give a talk at DEEPSEC 2010 held in Vienna, Austria on Friday, November 26, 2010. The the talk is entitled Attacking SAP Users Using sapsploit extended.
Here is the description of the topic: we will gave a talk about possible ways of getting unauthorized access to corporate SAP servers through the SAP Frontend vulnerabilities and misconfigurations with new examples of attacks.
Also we will show that the scenario which was made by Stuxnet for SCADA systems is possible for ERP systems, for example in SAP. There will be shown possible algorithms of attack.
In conclusion we will present the BETA version of a new free online service (ERPSCAN Online) for assessing SAP Frontend security and increasing user awareness to reduce the possibility of attack on SAP users.
Here will be presented some new attacks that were not shown at HITB, Malaysia.