NorthSec 2023

From On-Premises to Cloud: A Comprehensive Analysis of SAP Security Issues
2023-05-18, 16:45–17:15, Salle de Bal

The SAP landscape is complex and highly customized, with numerous systems such as SAP HANA, SAP Solman, SAP Cloud Connector, and SAP ME. Many companies use cloud solutions provided by SAP, such as Cloud SAP HANA and SAP BTP, which can exchange data with on-premises solutions. Vulnerabilities or misconfigurations in any of these systems can potentially lead to a compromise of the entire landscape.

In this research, we will discuss the various combinations of security issues and misconfigurations that we discovered last year, which can be exploited by remote attackers or insider users to fully compromise the SAP landscape, both on-premises and in the cloud. We will examine how vulnerabilities and misconfigurations in areas such as password storage and access controls can be exploited to gain unauthorized access to systems and sensitive data. By understanding these vulnerabilities and misconfigurations, companies can take action to improve their security and protect against successful attacks on their SAP landscape.


What is the language of your talk/workshop?

English

See also: We have completed a draft of our research and would like to share it with you to increase the chances of winning the CFP. Please note that this is a draft version and we are currently working on finalizing it, so there may be some grammatical errors or typos present. Thank you for your understanding.

Vahagn Vardanyan is the CTO of RedRays.

His expertise includes protecting vital business applications, including ERP, CRM, SRM, banking, and processing software. He is a well-known authority on enterprise application security, including SAP and Oracle. He has published many vulnerabilities, and SAP routinely thanks him for them.

Vahagn is the author of numerous whitepapers and surveys on SAP security research. He has received invitations to present at many conferences worldwide, including Troopers, OWASP, and others.

Arpine Maghakyan is the CEO of RedRays.
Her area of expertise is protecting bank applications, ERP systems, and processing software. She has discovered many vulnerabilities in public software such as Oracle, SAP, and Dell.