We are happy to announce that we (Ilya Medvedovskiy, CEO, ERPScan and Alexander Polyakov, CTO, ERPScan) will give a talk at the Source Barcelona 2010 security conference on Tuesday, September 21, 2010. The talk is titled "ERP Security: Myths, Problems, Solutions", and in it we will cover the current state of ERP security.
Here is the description of the topic:
Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security, as these applications store business data and any vulnerability in them will cause a significant monetary loss. Nonetheless, people still do not give much attention to the technical side of ERP security. Platforms such as SAP, Oracle EBS and JD Edwards are the most widespread platforms used for enterprise system management and for storing the most critical data, and we will use them in our examples. In the first part of this talk we will cover, and dispel, the common myths about ERP security, such as: "ERP security is a vendor's problem"; "ERP is in the internal network and cannot be hacked from outside"; "ERPs are very complex and specific and hackers can't beat us"; and of course "ERP is only about SOD". Then we will talk about the problems of ERP security in general and divide them into different levels (Network, OS, Database, Application and Client sides), covering all these areas with statistics, vulnerability examples and pentest examples with 0-days. We will cover the basic types and areas of software problems and review them in ERPs. Finally, we will present the first version of our annual statistics, "Business Application Vulnerability Statistics 2009", methodologies to assess ERP systems, and new tools to assess and control the security of ERP systems in general and of SAP systems specifically.