SAP BusinessObjects Attacks: Espionage and Poisoning of Business Intelligence platforms

Presented at DeepSec 2014 „Do you want to know more?“, Unknown date/time (Unknown duration).

Business executives make their strategic decisions and report on their performance based on the information provided by their Business Intelligence platforms. Therefore, how valuable could that information be for the company's largest competitor? Even further, what if the consolidated, decision-making data has been compromised? What if an attacker has poisoned the system and changed the key indicators? SAP BusinessObjects is used by thousands of companies world-wide and serves as the gold standard platform for Business Intelligence. In this presentation we will discuss our recent research on SAP BusinessObjects security. Specifically, through several live demos, we will present techniques attackers may use to target and compromise an SAP BusinessObjects deployment and what you need to do in order to mitigate those risks.

Presenters:

  • Juan Perez-Etchegoyen - Onapsis, Inc.
    Juan is the CTO of Onapsis, leading the Research & Development teams that keep the Company in the cutting-edge of the ERP security industry. Juan is responsible for the design, research and development of the innovative Onapsis' software solutions Onapsis X1 and Onapsis IPS, as well as the future Company's products. Being the founder of the Onapsis Research Labs, Juan is actively involved in the coordination and research of critical security vulnerabilities in ERP systems and business-critical applications, such as SAP, Oracle and JD Edwards. He is also credited for being the first to present on advanced threats to Oracle JD Edwards applications, having discovered numerous critical vulnerabilities in this platform. As a result of his innovative research work, Juan has been invited to lecture trainings and presentations in some of the most renowned security conferences of the world, such as BlackHat, OWASP and HackInTheBox, as well as to host private trainings for Global Fortune-100 organizations.

Links:

Similar Presentations: