Latest Threats and Vulnerabilities to Mission-Critical SAP Applications

Explore the latest threats and vulnerabilities to mission-critical SAP applications in this 51-minute conference talk from BSidesLV 2021. Delve into the world of Enterprise Resource Planning (ERP) systems, understanding their critical role in business operations and the increasing shift to cloud-based solutions. Examine the findings from SAP Research Labs and Common Ground's content creation, uncovering the motivations behind threat actors targeting these systems. Analyze attack statistics, time windows, and the implications of SAP's 2020 6287 vulnerability. Learn about default and critical users, the life cycle of attacks, and witness a live demonstration. Gain valuable insights on SAP vulnerability remediation, identifying attack groups, and assessing the reliability of SAP patches. Discover practical takeaways, access the comprehensive report, and participate in a Q&A session covering topics such as determining attack knowledge and estimating remediation timelines.

Introduction
Welcome
What is an ERP
Why are ERP applications critical
ERP applications in the cloud
Latest threats and vulnerabilities
SAP Research Labs
Why did CG create this content
What threat actors are targeting
Numbers
Time windows
SAP 2020 6287
Default and Critical Users
Life Cycle of Attacks
Demo
Overview
Takeaways
Download the Report
Appendix
Questions
SAP Vulnerability Remediation
Identifying Attack Groups
How Reliable Are SAP Patches
How Can We More Reliablely Determine What We Know
How Long Do They Take