Assessing and Measuring Security in Custom SAP Applications
Sebastian Schinzel, IT-Security Consultant, Virtual Forge GmbH

Slide outline (29 slides; only slide titles and diagram labels are recoverable, the bullet text is not):

- Agenda
- Common Security Vulnerabilities (6 slides)
- Agenda
- Threat Modelling (6 slides). Attacker cost/benefit diagram. Cost: probability of getting caught, skill needed for attack, time needed for attack. Benefit: repudiation, blackmail, industrial espionage.
- Agenda
- Measuring Security (4 slides). Questions posed: How do you know? What is the impact? Is that enough? How can you tell? How secure is your code?
- Agenda
- How Can I Improve My Security Performance (3 slides)
- Agenda
- Hands-on Threat Modelling
- Conclusion
- 3 Key Points to Take Home
- QUESTIONS? Sebastian Schinzel [email_address]
Editor's Notes (speaker notes)

1. Agenda: how attackers bring home the bacon; a method to find, analyse, and document threats to your business assets; measure the security of your applications.
2. Normal users were falsely logged on as different users.
3. SAP architectures are very complex:
   - People cannot grasp the architecture; developers hold different opinions about how it works.
   - Many forgotten legacy systems.
   - A lot of glue code to make legacy systems work with newer components.
   - A lot of customisations with zero documentation; the authors have long moved on, nobody has in-depth knowledge, the system just works.
   - No need to know the system as long as it runs.
4. Result?
5. Easy to fix: mitigation by changing the web server configuration.
6. Meet me at the Virtual Forge booth.