POSITIVE HACK DAYS



ORGANIZER

Tech


Download the full program in PDF.

CUA as an SAP Attack Vector

Author: Dmitry Gutsko

The talk will cover main vectors of attacks against SAP, particularly with CUA (Central User Administration) as a target. The speaker will review CUA vulnerabilities caused by architectural features, misconfigurations and unchanged default setting. Three attack possibilities will be discussed: obtaining control over one of child CUA systems, getting hold of communication link, and a situation with no control possibilities at all. The speaker will also advise on how to safely configure CUA systems in SAP landscapes.

  • Language
  • Russian

Dmitry Gutsko is an information security expert in the field of SAP. He graduated from MEPhI (2006) specializing in information security. Currently is the head of the SAP Applications Security Analysis Team at Positive Technologies. Dmitry published many vulnerabilities and research papers on various SAP security topics.

Dmitry Gutsko Dmitry Gutsko

Back to the list