Breaking, Forensicating and Anti-Forensicating SAP Portal and J2EE Engine

A session at CONFidence 2013

  • Dmitriy Chastuchin

Wednesday 29th May, 2013

12:00pm to 12:50pm (WMT)

One of the most critical SAP applications in terms of cyber attacks is SAP Portal, which is based on J2EE engine because it is usually available from the Internet and provides access and connections to other internal SAP and legacy systems. It is necessary to increase awareness in this area, especially after the Anonymous attack on Greece Government where an SAP 0-day vulnerability probably was used, but are you sure that your system has not been compromised? If we talk about SCADA attacks, they are mostly focused on sabotage, which is easy to recognize; attacks on financial systems like banking are focused on money stealing; but if we talk about SAP, the most critical attack is probably espionage, and it is hard to understand if there was espionage because there is no direct evidence of compromise except logs. In this talk, the security architecture of Portal itself and custom applications like iViews will be reviewed, and we will demonstrate how SAP Portal can be attacked. But the main area of the talk will be focused on forensics and finding attack patterns in logs traces and other places to understand if it is possible to completely reverse complex attack patterns. Finally, we will look at how an attacker can try to hide their attacks and how it is possible to deal with it.

There have been a lot of talks covering attacks, but now we will move to the understanding of how to deal with them in the cybercrime era.

About the speakers

This person is speaking at this event.
Dmitriy Chastuchin
This person is speaking at this event.
Eugene Neyolov

Why do you follow me? bio from Twitter

Sign in to add slides, notes or videos to this session

CONFidence 2013

Poland Poland, Krakow

28th29th May 2013

Tell your friends!


Time 12:00pm12:50pm WMT

Date Wed 29th May 2013

Short URL


Official session page


View the schedule


See something wrong?

Report an issue with this session