SAP Security patches; The importance, difficulties and solutions!

Presented at TROOPERS18 (2018), March 14, 2018, 5 p.m. (Unknown duration)

SAP releases dozens of new SAP Security patches each month, based on the work of external researchers and internal findings. However many customers don't apply them as regular and often as you would expect them to do. Why is this, what risk is involved and how can we improve this?

In real life we see customers struggling to keep up with these often critical patches due to many reasons. In this session we want to share insights we got from doing SAP Security assessments over the years, the difficulties customers struggle with and the risks involved in not applying patches.

To demonstrate the risk of missing SAP Security notes we will use several of the over 75 vulnerabilities discovered by our own research . We will also present some results of a conducted survey and ways of improving security and the process of applying SAP security patches.


  • Joris van de Vis
    "Joris knows his stuff in the security field of SAP. Apart from his general interest in SAP technology, his specific interest lies in SAP platform security. He loves to help customers to secure their SAP systems. In his spare time you can find him doing SAP security research, flying drones or riding motorbikes. He reported over 75 vulnerabilities in SAP applications to the SAP Security team. Joris has got 17+ years of experience working for large SAP running companies and government departments. Joris is co-founder of ERP-SEC, a SAP security focused company based in the Netherlands."


Similar Presentations: