DeepSec 2024 Training: SAP Cyber Security 101 – Andreas Wiegenstein
In many companies, we find that CISOs and security officers do not have any (in-depth) knowledge of SAP. Therefore the topic of SAP security often gets underestimated. Anyone interested in gaining insight into the important basics of SAP technologies can benefit from this highly compact crash course on SAP security. The session will give you an overview of security threats and ways to counter them. It is a sneak preview for a complete SAP security training.
We asked Andreas a few more questions about his training.
Please tell us the top 5 facts about your training.
- Delivers a general introduction to SAP technologies; no prior knowledge needed
- Provides a broad overview of SAP security features, mechanisms and architecture
- Discusses inherent SAP risks and weaknesses (no 0-Days !)
- Provides insights into typical SAP security challenges SAP customers are facing
- Explains common SAP security best practices
How did you come up with it? Was there something like an initial spark that set your mind on creating this training?
I noticed that even seasoned IT security experts often lack basic SAP security know-how. I want to change this.
Why do you think this is an important topic?
If security officers do not understand SAP technologies and the corresponding risks, how are they supposed to protect their company?
Is there something you want everybody to know – some good advice for our readers, maybe?
If the following three things apply, wouldn’t it make sense to at least get a basic understanding of SAP risks?
a) your company runs SAP
b) you are responsible for cyber security
c) you have no or very limited SAP know-how
A prediction for the future – what do you think will be the next innovations or future downfalls for your field of expertise / the topic of your training in particular?
This training is a general introduction to SAP cyber security, so the question is not really applicable, I assume.
Andreas is an experienced SAP security researcher. He discovered a substantial number of zero-days in SAP software and supported the development of a market leading ABAP SCA tool. Andreas has spoken at multiple security conferences such as Black Hat, DeepSec, HITB, IT Defense, RSA and Troopers. He currently focuses his research on SAP malware.