Hacking and Securing SAP Hana Applications from a Penetration Testers Point of View

Presented at TROOPERS18 (2018), March 14, 2018, 4 p.m. (Unknown duration)

This talk will show the different application programming languages which the SAP HANA platform offers and how coding defects can be attacked, exploited, and secured.

SAP Hana builds the foundation for SAP S/4 and the SAP Cloud Plattform. Hana can run as a standalone database but ships with an own application server independently of the SAP NetWeaver platform. This talk will give an overview about the different languages SAP HANA offers, like Javascript/Node.js, Java, and SQLscript. You'll learn how custom applications can be attacked, exploited, and secured.

Presenters:

• Frederik Weidemann
  Frederik Weidemann is Head of Consulting at Virtual Forge GmbH with a focus on SAP Security for twelve years. He is co-author of the first book on ABAP Security "Sichere-ABAP Programmierung", by SAP Press and spoke at several SAP and Security related conferences like RSA, OWASP, SAPinsider and DSAG. Frederik frequently teaches on secure ABAP programming (course WDESA3) at SAP University in Walldorf and on SAP security for Virtual Forge's customers. He also writes articles on SAP Security on a regular basis and has found numerous Zero Day defects in Business Software. Frederik holds a German Diploma in Computer Science and scored several Capture-The- Flag hacking contests first or second place during his time in university.

Links:

• https://troopers.de/troopers18/agenda/7akr8p/
• https://infocon.org/cons/TROOPERS/TROOPERS 2018/Hacking and Securing SAP Hana Applications.mp4

Similar Presentations:

• DeepSec 2018 „I like to mov &6974,%bx“ / ERP Security: Assess, Exploit and Defend SAP Platforms
• 44CON 2016 / Attacks on SAP HANA Platform
• TROOPERS17 (2017) / Protecting SAP HANA from vulnerabilities and exploits