Members of the Research Labs frequently lecture at key security and audit conferences across the globe.

To help guide the industry with strategic foresight into matters affecting SAP cyber-security, each presentation is available for download below.

Join us in this presentation to learn about diverse attack vectors affecting current SAP solutions, on-premise and cloud-based. You will not only learn technical details about these vulnerabilities, but also understand how to prevent and detect attacks on our crown jewels, running on HANA.
This presentation contains references to the products of SAP AG. SAP, R/3, xApps, xApp, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world.
CTO Juan Perez-Etchegoyen discusses how to perform security audits and vulnerability assessments of SAP HANA environments, identifying critical security gaps and remediation information.
Cyber attacks are increasing every year, and SAP systems are not immune to being targeted by attackers or involved in IT security incidents. Incident response and forensic analysis are complex tasks, especially when performed on systems that are diverse not only in terms of products, versions, operating systems and databases, but also in the large customisation layer that SAP systems have.
What you learned in school is that dinosaurs have been extinct for the last 65 billion years... but what you may not know is that you can still find a fearless and dangerous species in today's business-critical applications. Join us in this talk to learn about products that you will find in every SAP implementation and that are used for managing, searching and indexing sensitive business information. We will introduce you to SAP T-REX, an advanced search engine used to support all the text search processes in SAP products such as ERP, Portal, NetWeaver, Fiori and many others.
After a short introduction to SAP HANA, some attack vectors against HANA were reviewed. Regarding SQL injection, HANA has a nice feature: history tables. If the user does not delete them, the information remains available! XSS attacks were reviewed, as well as integration with the R-Server.
In this presentation we will discuss the architecture, security features and new vulnerabilities we have detected in two implementations of popular Enterprise RMI frameworks: CORBA and SAP RMI-P4.
This presentation will cover how to do a forensic analysis of an SAP system, looking for traces of a security breach. Learn where fingerprints may have been left, and understand which system tools are available to help you and what their limitations are.
This presentation will explain the main components and capabilities of TMS, detailing specific ways in which organizations can increase the protection of their SAP platforms by gaining visibility into the risks and securing TMS.
See the risks that a default or insecure setting could introduce to the whole SAP infrastructure, real-life examples of these misconfigurations, and the threats they introduce, through several live demos.