CUA as an SAP Attack Vector
Author: Dmitry Gutsko
The talk will cover main vectors of attacks against SAP, particularly with CUA (Central User Administration) as a target. The speaker will review CUA vulnerabilities caused by architectural features, misconfigurations and unchanged default setting. Three attack possibilities will be discussed: obtaining control over one of child CUA systems, getting hold of communication link, and a situation with no control possibilities at all. The speaker will also advise on how to safely configure CUA systems in SAP landscapes.
Dmitry Gutsko is an information security expert in the field of SAP. He graduated from MEPhI (2006) specializing in information security. Currently is the head of the SAP Applications Security Analysis Team at Positive Technologies. Dmitry published many vulnerabilities and research papers on various SAP security topics.