SAP Security In Depth

*This training qualifies for the 2+2 promotion!

Overview:


Have you ever wondered whether your business-critical SAP implementation is secure? Do you know how to check it? Have you imagined what the impact of an attack on your core business platform could be? Do you know how to prevent it? This training is the answer to these questions.

For many years, SAP security has been synonymous with "segregation of duties" or "securing roles and profiles". While this kind of security is mandatory and of absolute importance, there are many threats that have so far been overlooked and are even more dangerous, such as the possibility of taking remote control of the entire SAP landscape without having any user in any system.

This training will help you fill this knowledge gap, allowing you to understand the threats and risks involved and how to mitigate them. You will review the whole picture, from the security of the Environment and the SAP application-level gateways (SAProuter, Webdispatcher), through the assessment and hardening of the Operating Systems and Databases and their interaction with the SAP systems, up to the security of the SAP Application Layer: Authentication, User Security, Password Policies, Authorization Subsystem, Interface Security, Web Application Security, Backdoors, ABAP (in)security, Auditing, Monitoring and more!

The training is organized with many hands-on exercises, which will help you grasp practical knowledge quickly. You will learn how to assess the security of an SAP implementation and then secure the critical security gaps you discovered. You will be able to learn how to use different SAP security tools, as well as Bizploit, the first open-source ERP Penetration Testing framework, developed by the instructors.

The training also provides a quick introduction to basic SAP concepts, which allows non-SAP security professionals to follow the course smoothly.

Required Equipment:
  • Personal laptop
  • SSH client
  • SAPGUI

Trainers:
Mariano Nuñez Di Croce is the Director of Research and Development at Onapsis. Mariano has long experience as a Senior Security Consultant, mainly involved in security assessments and vulnerability research. He has discovered critical vulnerabilities in SAP, Microsoft, Oracle and IBM applications.

Mariano leads the SAP Security Team at Onapsis, where he works on hardening and assessing the security of critical SAP implementations in world-wide organizations. He is the author and developer of the first open-source SAP & ERP Penetration Testing Frameworks and has discovered more than 50 vulnerabilities in SAP applications. Mariano is also the lead author of the "SAP Security In-Depth" publication and a founding member of BIZEC, the Business Security community.

Mariano has been invited to hold presentations and trainings at many international security conferences such as BlackHat DC/USA/EU, HITB Dubai/EU, DeepSec, Troopers, Ekoparty, Sec-T, Hack.lu and Seacure.it, as well as to host private trainings for Fortune-100 companies and defense contractors. He has also been interviewed and quoted in mainstream media such as Reuters, IDG, NY Times, PCWorld, eWeek and others.

Jordan Santarsieri

Jordan Santarsieri is a senior Onapsis security consultant and researcher. Also a member of the Onapsis Research Labs, he is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications.

Jordan has discovered critical vulnerabilities in SAP software and is a frequent author of the "SAP Security In-Depth" publication. Through his work, he has contributed to the security of Global Fortune-100 companies and defense contractors.

He has also been invited to hold workshops and presentations at international security conferences, such as BlackHat DC, Hacker Halted and Ekoparty. His interests include penetration testing, exploit writing, forensics, data mining and psychology applied to information technology.

Instructor
Mariano Nuñez Di Croce & Jordan Santarsieri

Dates
October 23 – 24, 2011

Pricing
Register and pay by July 31, 2011: $2299
Register and pay by September 15, 2011: $2699
Register and pay after September 16, 2011: $2899

Class Capacity
25

You will get this:
  1. Lunch and coffee breaks throughout the duration of the training.
  2. Complimentary Pass to Hacker Halted conference (Inclusive of Party entrance pass).
  3. Certificate of Attendance


