SlideShare a Scribd company logo

Attacks on SAP Mobile

Positive Hack Days
Positive Hack Days

Attacks on SAP Mobile

Technology
1 of 47
Download to read offline
Invest in security to secure investments Attacks on SAP Mobile Vahagn Vardanyan. ERPScan
Vahagn Vardanyan SAP and Web application researcher Specialist degree in information security 2 @vah_13
About ERPScan • The only 360-degree SAP Security solution - ERPScan Security Monitoring Suite for SAP • Leader by the number of acknowledgements from SAP ( 150+ ) • 60+ presentations key security conferences worldwide • 25 Awards and nominations • Research team - 20 experts with experience in different areas of security • Headquarters in Palo Alto (US) and Amsterdam (EU) 3
Agenda 4 About SAP Mobile Platform SAP Control Center SAP SQL Anywhere services SAP Mobile Server SAP Mobile Platform vulnerability Decrypt GIOP protocol XXE SAP Control Center CSRF in SMP 3.0 Cassini 1.0 SQL Anywhere BoF SAP EMR Unwired SQL injection Conclusion
SAP Mobile Platform 5
SMP architecture 6
SMP protocols SUP 2.1.3 SUP 2.2 SMP 2.3 SMP 3.0 SMP Messaging x x x x SMP Replication x x x x HTTP Rest API x x x SAP Agentry x x 8
SMP services SAP Control Center SAP SQL Anywhere services SAP Mobile Server 9
SAP Control Center • Working process: sccservice.exe • Open ports: • 2100 (Messaging service) • 8282/8283 ( SCC ) • 9999 (RMI) 10
SMP services  SAP Control Center  SAP SQL Anywhere services  SAP Mobile Server 11
SQL Anywhere • Version 3: 1992 …………………………. • Version 10: 2006 - renamed SQL Anywhere (high availability, intra-query parallelism, materialized views) • Version 11: 2008 (full text search, BlackBerry support) • Version 12: 2010 (support for spatial data) • Version 16: April 18, 2013 - (faster synchronization and improved security) 12
SQL Anywhere 13
SMP services  SAP Control Center  SAP SQL Anywhere services  SAP Mobile Server 14
SAP Mobile Server • MobiLink • AdminWebServices • MlsrvWrapper • InfoboxMultiplexer • OBMO • JMSBridge 15
SAP Mobile Server (MobiLink) 16
AdminWebServices • Uses Cassini Web Server 1.0 • Listens to the local port 5100 17
SAP Mobile Platform vulnerabilities 18
Decrypting the SAP Mobile Platform GIOP protocol 19
Decrypting the SAP Mobile Platform GIOP protocol • GIOP – General Inter-ORB Protocol (GIOP) is the abstract protocol by which object request brokers (ORBs) communicate • Uses mlsrv16.exe (Mobilink) – port 2000 20
XXE in the SAP Mobile Platform portal page CVE-2015-2813 21
XXE in the SAP Mobile Platform portal page… 22
XXE in the SAP Mobile Platform portal page… • Portal URL: https://IP_ADDR:8283/scc • web.xml & services-config.xml C:SAPSCC-3_2servicesEmbeddedWebContainercontainerJetty- 7.6.2.v20120308workjetty-0.0.0.0-8282-scc.war-_scc-any-webappWEB- INFweb.xml <servlet-mapping> <servlet-name>MessageBrokerServlet</servlet- name> <url-pattern>/messagebroker/*</url-pattern> </servlet-mapping> 23
…XXE… C:SAPSCC-3_2servicesEmbeddedWebContainercontainerJetty- 7.6.2.v20120308workjetty-0.0.0.0-8282-scc.war-_scc-any-webappWEB- INFflexservices-config.xml ******************************** <channel-definition id="scc-http" class="mx.messaging.channels.HTTPChannel"> <endpoint url="http://{server.name}:{server.port}/scc/messagebroker/http" class="flex.messaging.endpoints.HTTPEndpoint" /> </channel-definition> ******************************** 1. /scc/messagebroker/amfpolling 2. /scc/messagebroker/amfsecurepolling 3. /scc/messagebroker/http 4. /scc/messagebroker/httpsecure 5. /scc/messagebroker/amflongpolling 24
…XXE 25
Read file with XXE C:SAPMobilePlatformServersUnwiredServerRepositoryInstancecomsybas esupserverSUPServersup.properties sup.imo.upa = 457ba103a46559486a81350d552a9e47fb085927eb6df0ccc79231bc3d 26
Decrypt sup.imo.upa 27
SAP Mobile Platform unauthenticated access to other servlets • Architecture and program vulnerabilities in SAP’s J2EE engine (BlackHat USA 2011) • web.xml files revealed hidden methods to: – Read and generate logs 28
Prevention Install SAP security note 2125358 SAP Mobile Platform XXE vulnarability 29
CSRF in SMP 3.0 30
CSRF in SMP 3.0 31
CSRF in SMP 3.0 32
CSRF in SMP 3.0 33 • addAdministrator • addRepository • removeServerLogs • createApplication • createBackendConnection ********************
Prevention Install SAP security note 2114316 SAP Mobile Platform CSRF vulnarability 34
Cassini 1.0 35
AdminWebService POST /MobileOffice/Admin.asmx/AddAdminUser HTTP/1.1 Host: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length: length strUserName=Admin2&strActivationCode=123QWEasd&iExpirat ionHours=100 36
AdminWebService 37
SAP SQL Anywhere Buffer Overflow/Code Execution CVE-2015-2819 38
SAP SQL Anywhere BoF/Code Execution • CVE-2008-0912 – The MobiLink server is affected by a heap overflow which happens during the handling of strings like username, version, and remote ID (all pre-auth) which are longer than 128 bytes • CVE-2014-9264 – Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias 39
First PSH request 40
First PSH request • 41
SQL Anywhere BoF 42
Prevention Install SAP security note 2108161 Denial of service in SAP SQL Anywhere 43
SAP EMR Unwired SQL injection CVE-2013-7096 44
SAP EMR Unwired SQL injection • CVE-2013-7096 (CVSS 7.5) • AndroidManifest.xml: <provider android:name=".providers.ModiDataDbProvider" android:authorities="com.sap.mobi.docsprovider" /> 1. content://com.sap.mobi.docsprovider/documents/offline_cat 2. content://com.sap.mobi.docsprovider/documents/offline/ 3. content://com.sap.mobi.docsprovider/documents/sample 4. content://com.sap.mobi.docsprovider/documents/online 5. content://com.sap.mobi.docsprovider/documents/offline_auth 6. content://com.sap.mobi.docsprovider/documents/offline 7. content://com.sap.mobi.docsprovider/documents/online_auth 8. content://com.sap.mobi.docsprovider/documents/sample/ 9. content://com.sap.mobi.docsprovider/documents/online_cat 45
Prevention Install SAP security note 1864518 Security Improvements for MOB-APP-EMR-AND 46
Conclusion 47 SAP Guides Regular security assessments Monitoring technical security Segregation of Duties Security events monitoring
Each SAP landscape is unique and we pay close attention to the requirements of our customers and prospects. ERPScan development team constantly addresses these specific needs and is actively involved in product advancement. If you wish to know whether our scanner addresses a particular aspect, or simply have a feature wish list, please e-mail us. We will be glad to consider your suggestions for the future releases or monthly updates. 48 About 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301 USA HQ Luna ArenA 238 Herikerbergweg, 1101 CM Amsterdam EU HQ www.erpscan.com info@erpscan.com

Recommended

iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application ExploitationPositive Hack Days
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application SecurityEgor Tolstoy
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
Pentesting iOS Apps - Runtime Analysis and Manipulation
Pentesting iOS Apps - Runtime Analysis and ManipulationPentesting iOS Apps - Runtime Analysis and Manipulation
Pentesting iOS Apps - Runtime Analysis and ManipulationAndreas Kurtz
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersRyanISI
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testingeightbit
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with ZapSoluto
 

Recommended

iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application ExploitationPositive Hack Days
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application SecurityEgor Tolstoy
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
Pentesting iOS Apps - Runtime Analysis and Manipulation
Pentesting iOS Apps - Runtime Analysis and ManipulationPentesting iOS Apps - Runtime Analysis and Manipulation
Pentesting iOS Apps - Runtime Analysis and ManipulationAndreas Kurtz
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersRyanISI
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testingeightbit
 
Security Testing with Zap
Security Testing with ZapSecurity Testing with Zap
Security Testing with ZapSoluto
 
Migrating Beyond Java 8
Migrating Beyond Java 8Migrating Beyond Java 8
Migrating Beyond Java 8DaliaAboSheasha
 
Migrating Beyond Java 8
Migrating Beyond Java 8Migrating Beyond Java 8
Migrating Beyond Java 8DaliaAboSheasha
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS AppsHerman Duarte
 
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)Ryan Cuprak
 
Hybrid Mobile Development with Apache Cordova and
Hybrid Mobile Development with Apache Cordova and Hybrid Mobile Development with Apache Cordova and
Hybrid Mobile Development with Apache Cordova and Ryan Cuprak
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckSoftware Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckBlack Duck by Synopsys
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applicationsmgianarakis
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)Sam Bowne
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesÖmer Coşkun
 
Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Kuba Břečka
 
Laravel and Django and Rails, Oh My!
Laravel and Django and Rails, Oh My!Laravel and Django and Rails, Oh My!
Laravel and Django and Rails, Oh My!Chris Roberts
 
All Aboard for Laravel 5.1
All Aboard for Laravel 5.1All Aboard for Laravel 5.1
All Aboard for Laravel 5.1Jason McCreary
 
CrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash CourseCrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash Courseeightbit
 
[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101OWASP
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala
 
JAVA BOOK BY SIVASANKARI
JAVA BOOK BY SIVASANKARIJAVA BOOK BY SIVASANKARI
JAVA BOOK BY SIVASANKARISivaSankari36
 
Introduction to java
Introduction to javaIntroduction to java
Introduction to javaKrunali Gandhi
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperAjin Abraham
 
CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)Sam Bowne
 
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,..."Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...Yandex
 
200 open source проектов спустя: опыт статического анализа исходного кода
200 open source проектов спустя: опыт статического анализа исходного кода200 open source проектов спустя: опыт статического анализа исходного кода
200 open source проектов спустя: опыт статического анализа исходного кодаPositive Hack Days
 
Как «вправить» автомобилю «мозги»
Как «вправить» автомобилю «мозги»Как «вправить» автомобилю «мозги»
Как «вправить» автомобилю «мозги»Positive Hack Days
 

More Related Content

What's hot

Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)Ryan Cuprak
 
Hybrid Mobile Development with Apache Cordova and
Hybrid Mobile Development with Apache Cordova and Hybrid Mobile Development with Apache Cordova and
Hybrid Mobile Development with Apache Cordova and Ryan Cuprak
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckSoftware Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckBlack Duck by Synopsys
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applicationsmgianarakis
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)Sam Bowne
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesÖmer Coşkun
 
Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Kuba Břečka
 
Laravel and Django and Rails, Oh My!
Laravel and Django and Rails, Oh My!Laravel and Django and Rails, Oh My!
Laravel and Django and Rails, Oh My!Chris Roberts
 
All Aboard for Laravel 5.1
All Aboard for Laravel 5.1All Aboard for Laravel 5.1
All Aboard for Laravel 5.1Jason McCreary
 
CrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash CourseCrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash Courseeightbit
 
[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101OWASP
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala
 
JAVA BOOK BY SIVASANKARI
JAVA BOOK BY SIVASANKARIJAVA BOOK BY SIVASANKARI
JAVA BOOK BY SIVASANKARISivaSankari36
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperAjin Abraham
 
CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)Sam Bowne
 
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,..."Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...Yandex
 

What's hot (20)

Migrating Beyond Java 8
Migrating Beyond Java 8Migrating Beyond Java 8
Migrating Beyond Java 8
 
Migrating Beyond Java 8
Migrating Beyond Java 8Migrating Beyond Java 8
Migrating Beyond Java 8
 
Pentesting iOS Apps
Pentesting iOS AppsPentesting iOS Apps
Pentesting iOS Apps
 
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)
 
Hybrid Mobile Development with Apache Cordova and
Hybrid Mobile Development with Apache Cordova and Hybrid Mobile Development with Apache Cordova and
Hybrid Mobile Development with Apache Cordova and
 
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckSoftware Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applications
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic Techniques
 
Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]Dark Side of iOS [SmartDevCon 2013]
Dark Side of iOS [SmartDevCon 2013]
 
Laravel and Django and Rails, Oh My!
Laravel and Django and Rails, Oh My!Laravel and Django and Rails, Oh My!
Laravel and Django and Rails, Oh My!
 
All Aboard for Laravel 5.1
All Aboard for Laravel 5.1All Aboard for Laravel 5.1
All Aboard for Laravel 5.1
 
CrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash CourseCrikeyCon 2015 - iOS Runtime Hacking Crash Course
CrikeyCon 2015 - iOS Runtime Hacking Crash Course
 
[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)
 
JAVA BOOK BY SIVASANKARI
JAVA BOOK BY SIVASANKARIJAVA BOOK BY SIVASANKARI
JAVA BOOK BY SIVASANKARI
 
Introduction to java
Introduction to javaIntroduction to java
Introduction to java
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - Whitepaper
 
CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)CNIT 128: 3. Attacking iOS Applications (Part 2)
CNIT 128: 3. Attacking iOS Applications (Part 2)
 
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,..."Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...
"Architecting and testing large iOS apps: lessons from Facebook". Adam Ernst,...
 

Viewers also liked

200 open source проектов спустя: опыт статического анализа исходного кода
200 open source проектов спустя: опыт статического анализа исходного кода200 open source проектов спустя: опыт статического анализа исходного кода
200 open source проектов спустя: опыт статического анализа исходного кодаPositive Hack Days
 
Как «вправить» автомобилю «мозги»
Как «вправить» автомобилю «мозги»Как «вправить» автомобилю «мозги»
Как «вправить» автомобилю «мозги»Positive Hack Days
 
Современные DDoS-атаки: тенденции, опасность, подходы к защите
Современные DDoS-атаки: тенденции, опасность, подходы к защитеСовременные DDoS-атаки: тенденции, опасность, подходы к защите
Современные DDoS-атаки: тенденции, опасность, подходы к защитеPositive Hack Days
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Positive Hack Days
 
Waf.js: как защищать веб-приложения с использованием JavaScript
Waf.js: как защищать веб-приложения с использованием JavaScriptWaf.js: как защищать веб-приложения с использованием JavaScript
Waf.js: как защищать веб-приложения с использованием JavaScriptPositive Hack Days
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Positive Hack Days
 
Современные DDoS-атаки: тенденции, опасность, подходы к защите
Современные DDoS-атаки: тенденции, опасность, подходы к защитеСовременные DDoS-атаки: тенденции, опасность, подходы к защите
Современные DDoS-атаки: тенденции, опасность, подходы к защитеPositive Hack Days
 
Перехват беспроводных гаджетов — от квадрокоптеров до мышек
Перехват беспроводных гаджетов — от квадрокоптеров до мышекПерехват беспроводных гаджетов — от квадрокоптеров до мышек
Перехват беспроводных гаджетов — от квадрокоптеров до мышекPositive Hack Days
 
Damn Vulnerable Chemical Process
Damn Vulnerable Chemical ProcessDamn Vulnerable Chemical Process
Damn Vulnerable Chemical ProcessPositive Hack Days
 
Alexey Tyurin - HR Hacking — bugs in PeopleSoft
Alexey Tyurin - HR Hacking — bugs in PeopleSoftAlexey Tyurin - HR Hacking — bugs in PeopleSoft
Alexey Tyurin - HR Hacking — bugs in PeopleSoftDefconRussia
 
Attacking SAP Mobile
Attacking SAP MobileAttacking SAP Mobile
Attacking SAP MobileERPScan
 
Как увидеть невидимые инциденты
Как увидеть невидимые инцидентыКак увидеть невидимые инциденты
Как увидеть невидимые инцидентыPositive Hack Days
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
 
SSDL: один день из жизни разработчика
SSDL: один день из жизни разработчикаSSDL: один день из жизни разработчика
SSDL: один день из жизни разработчикаPositive Hack Days
 
Восток — дело тонкое, или Уязвимости медицинского и индустриального ПО
Восток — дело тонкое, или Уязвимости медицинского и индустриального ПОВосток — дело тонкое, или Уязвимости медицинского и индустриального ПО
Восток — дело тонкое, или Уязвимости медицинского и индустриального ПОPositive Hack Days
 
Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege Escalation
Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege EscalationJanitor to CISO in 360 Seconds: Exploiting Mechanical Privilege Escalation
Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege EscalationPositive Hack Days
 
Аспекты деятельности инсайдеров на предприятии
Аспекты деятельности инсайдеров на предприятииАспекты деятельности инсайдеров на предприятии
Аспекты деятельности инсайдеров на предприятииPositive Hack Days
 

Viewers also liked (20)

200 open source проектов спустя: опыт статического анализа исходного кода
200 open source проектов спустя: опыт статического анализа исходного кода200 open source проектов спустя: опыт статического анализа исходного кода
200 open source проектов спустя: опыт статического анализа исходного кода
 
Как «вправить» автомобилю «мозги»
Как «вправить» автомобилю «мозги»Как «вправить» автомобилю «мозги»
Как «вправить» автомобилю «мозги»
 
Защищенность GSM
Защищенность GSMЗащищенность GSM
Защищенность GSM
 
Современные DDoS-атаки: тенденции, опасность, подходы к защите
Современные DDoS-атаки: тенденции, опасность, подходы к защитеСовременные DDoS-атаки: тенденции, опасность, подходы к защите
Современные DDoS-атаки: тенденции, опасность, подходы к защите
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
 
Waf.js: как защищать веб-приложения с использованием JavaScript
Waf.js: как защищать веб-приложения с использованием JavaScriptWaf.js: как защищать веб-приложения с использованием JavaScript
Waf.js: как защищать веб-приложения с использованием JavaScript
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
 
Современные DDoS-атаки: тенденции, опасность, подходы к защите
Современные DDoS-атаки: тенденции, опасность, подходы к защитеСовременные DDoS-атаки: тенденции, опасность, подходы к защите
Современные DDoS-атаки: тенденции, опасность, подходы к защите
 
Перехват беспроводных гаджетов — от квадрокоптеров до мышек
Перехват беспроводных гаджетов — от квадрокоптеров до мышекПерехват беспроводных гаджетов — от квадрокоптеров до мышек
Перехват беспроводных гаджетов — от квадрокоптеров до мышек
 
Выживший
ВыжившийВыживший
Выживший
 
Damn Vulnerable Chemical Process
Damn Vulnerable Chemical ProcessDamn Vulnerable Chemical Process
Damn Vulnerable Chemical Process
 
Alexey Tyurin - HR Hacking — bugs in PeopleSoft
Alexey Tyurin - HR Hacking — bugs in PeopleSoftAlexey Tyurin - HR Hacking — bugs in PeopleSoft
Alexey Tyurin - HR Hacking — bugs in PeopleSoft
 
Attacking SAP Mobile
Attacking SAP MobileAttacking SAP Mobile
Attacking SAP Mobile
 
Как увидеть невидимые инциденты
Как увидеть невидимые инцидентыКак увидеть невидимые инциденты
Как увидеть невидимые инциденты
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
 
SSDL: один день из жизни разработчика
SSDL: один день из жизни разработчикаSSDL: один день из жизни разработчика
SSDL: один день из жизни разработчика
 
Why IT Security Is Fucked Up
Why IT Security Is Fucked UpWhy IT Security Is Fucked Up
Why IT Security Is Fucked Up
 
Восток — дело тонкое, или Уязвимости медицинского и индустриального ПО
Восток — дело тонкое, или Уязвимости медицинского и индустриального ПОВосток — дело тонкое, или Уязвимости медицинского и индустриального ПО
Восток — дело тонкое, или Уязвимости медицинского и индустриального ПО
 
Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege Escalation
Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege EscalationJanitor to CISO in 360 Seconds: Exploiting Mechanical Privilege Escalation
Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege Escalation
 
Аспекты деятельности инсайдеров на предприятии
Аспекты деятельности инсайдеров на предприятииАспекты деятельности инсайдеров на предприятии
Аспекты деятельности инсайдеров на предприятии
 

Similar to Attacks on SAP Mobile

Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaCisco Canada
 
Understanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyUnderstanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyCisco Canada
 
Java @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPJava @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPIlan Salviano
 
Understanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionUnderstanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionCisco Canada
 
SAP (In)Security: New and Best
SAP (In)Security: New and BestSAP (In)Security: New and Best
SAP (In)Security: New and BestPositive Hack Days
 
Top 10 most interesting vulnerabilities and attacks in SAP
Top 10 most interesting vulnerabilities and attacks in SAPTop 10 most interesting vulnerabilities and attacks in SAP
Top 10 most interesting vulnerabilities and attacks in SAPERPScan
 
A crushing blow at the heart of SAP’s J2EE Engine.
A crushing blow at the heart of SAP’s J2EE Engine. A crushing blow at the heart of SAP’s J2EE Engine.
A crushing blow at the heart of SAP’s J2EE Engine. ERPScan
 
Splunk Conf2010: Corporate Express presents Splunk with SAP
Splunk Conf2010: Corporate Express presents Splunk with SAPSplunk Conf2010: Corporate Express presents Splunk with SAP
Splunk Conf2010: Corporate Express presents Splunk with SAPSplunk
 
Sandip hazra resume
Sandip hazra resumeSandip hazra resume
Sandip hazra resumeSandip Hazra
 
API 102: Programming with Meraki APIs
API 102: Programming with Meraki APIsAPI 102: Programming with Meraki APIs
API 102: Programming with Meraki APIsJoel W. King
 
SD-WAN Catalyst a brief Presentation of solution
SD-WAN Catalyst a brief Presentation of solutionSD-WAN Catalyst a brief Presentation of solution
SD-WAN Catalyst a brief Presentation of solutionpepegaston2030
 
2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api ManagementSmartWave
 
StrongLoop Overview
StrongLoop OverviewStrongLoop Overview
StrongLoop OverviewShubhra Kar
 
CONFidence 2014: Dimitriy Chastuhin: All your sap p@$$w0яd z belong to us
CONFidence 2014: Dimitriy Chastuhin: All your sap p@$$w0яd z belong to usCONFidence 2014: Dimitriy Chastuhin: All your sap p@$$w0яd z belong to us
CONFidence 2014: Dimitriy Chastuhin: All your sap p@$$w0яd z belong to usPROIDEA
 
Resilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIsResilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIsVMware Tanzu
 
SAP (in)security: New and best
SAP (in)security: New and bestSAP (in)security: New and best
SAP (in)security: New and bestERPScan
 
NETCONF & YANG Enablement of Network Devices
NETCONF & YANG Enablement of Network DevicesNETCONF & YANG Enablement of Network Devices
NETCONF & YANG Enablement of Network DevicesCisco DevNet
 
EAS-SEC: Framework for securing business applications
EAS-SEC: Framework for securing business applicationsEAS-SEC: Framework for securing business applications
EAS-SEC: Framework for securing business applicationsERPScan
 
Azure Cloud Application Development Workshop - UGIdotNET
Azure Cloud Application Development Workshop - UGIdotNETAzure Cloud Application Development Workshop - UGIdotNET
Azure Cloud Application Development Workshop - UGIdotNETLorenzo Barbieri
 
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WANCisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WANCisco Canada
 

Similar to Attacks on SAP Mobile (20)

Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
 
Understanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyUnderstanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN Technology
 
Java @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPJava @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SP
 
Understanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionUnderstanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN Solution
 
SAP (In)Security: New and Best
SAP (In)Security: New and BestSAP (In)Security: New and Best
SAP (In)Security: New and Best
 
Top 10 most interesting vulnerabilities and attacks in SAP
Top 10 most interesting vulnerabilities and attacks in SAPTop 10 most interesting vulnerabilities and attacks in SAP
Top 10 most interesting vulnerabilities and attacks in SAP
 
A crushing blow at the heart of SAP’s J2EE Engine.
A crushing blow at the heart of SAP’s J2EE Engine. A crushing blow at the heart of SAP’s J2EE Engine.
A crushing blow at the heart of SAP’s J2EE Engine.
 
Splunk Conf2010: Corporate Express presents Splunk with SAP
Splunk Conf2010: Corporate Express presents Splunk with SAPSplunk Conf2010: Corporate Express presents Splunk with SAP
Splunk Conf2010: Corporate Express presents Splunk with SAP
 
Sandip hazra resume
Sandip hazra resumeSandip hazra resume
Sandip hazra resume
 
API 102: Programming with Meraki APIs
API 102: Programming with Meraki APIsAPI 102: Programming with Meraki APIs
API 102: Programming with Meraki APIs
 
SD-WAN Catalyst a brief Presentation of solution
SD-WAN Catalyst a brief Presentation of solutionSD-WAN Catalyst a brief Presentation of solution
SD-WAN Catalyst a brief Presentation of solution
 
2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management2016 06 - design your api management strategy - axway - Api Management
2016 06 - design your api management strategy - axway - Api Management
 
StrongLoop Overview
StrongLoop OverviewStrongLoop Overview
StrongLoop Overview
 
CONFidence 2014: Dimitriy Chastuhin: All your sap p@$$w0яd z belong to us
CONFidence 2014: Dimitriy Chastuhin: All your sap p@$$w0яd z belong to usCONFidence 2014: Dimitriy Chastuhin: All your sap p@$$w0яd z belong to us
CONFidence 2014: Dimitriy Chastuhin: All your sap p@$$w0яd z belong to us
 
Resilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIsResilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIs
 
SAP (in)security: New and best
SAP (in)security: New and bestSAP (in)security: New and best
SAP (in)security: New and best
 
NETCONF & YANG Enablement of Network Devices
NETCONF & YANG Enablement of Network DevicesNETCONF & YANG Enablement of Network Devices
NETCONF & YANG Enablement of Network Devices
 
EAS-SEC: Framework for securing business applications
EAS-SEC: Framework for securing business applicationsEAS-SEC: Framework for securing business applications
EAS-SEC: Framework for securing business applications
 
Azure Cloud Application Development Workshop - UGIdotNET
Azure Cloud Application Development Workshop - UGIdotNETAzure Cloud Application Development Workshop - UGIdotNET
Azure Cloud Application Development Workshop - UGIdotNET
 
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WANCisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
Cisco Connect Vancouver 2017 - Understanding Cisco next gen SD-WAN
 

More from Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikPositive Hack Days
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQubePositive Hack Days
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityPositive Hack Days
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Positive Hack Days
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для ApproofPositive Hack Days
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Positive Hack Days
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложенийPositive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложенийPositive Hack Days
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application SecurityPositive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОPositive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке СиPositive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CorePositive Hack Days
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опытPositive Hack Days
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterPositive Hack Days
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиPositive Hack Days
 

More from Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Recently uploaded

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 

Recently uploaded (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 

Attacks on SAP Mobile