During one of small Web Shows which last only 20 minutes, Alexander showed a lot of examples of how attackers can break security of SAP Portal, derived from real-life penetration tests.

Detailed slides can be found here.