1. A Holistic View on SAP Security
Why Securing Production Systems Is Not Enough
March 12th, 2013
BIZEC Workshop
Mariano Nunez
mnunez@onapsis.com
@marianonunezdc
Juan Perez-Etchegoyen
jppereze@onapsis.com
@jp_pereze
6. On October 30th 2012, Anonymous
claimed intent to exploit SAP systems
They claimed to have broken into the Greek Ministry of Finance
(to be confirmed) and mentioned:
"We have new guns in our arsenal. A sweet 0day
SAP exploit is in our hands and oh boy we're gonna
sploit the hell out of it."
7. So we know that the SAP Application
Layer is the weak spot and where the
attacker will hit.
But… which system will he attack first?