Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

When Fuzzing Meets SAP Network Services

Hack In The Box Security Conference via YouTube

Overview

Explore the intersection of fuzzing and SAP network services in this 42-minute conference talk from the Hack In The Box Security Conference. Delve into the challenges and solutions of applying automated vulnerability detection techniques to business-critical SAP applications. Learn about the journey from discovering the SAP world to successfully fuzzing blackbox services over custom network protocols. Understand the three main challenges: limited performance due to network layers, the complexity of custom protocols, and the intricacies of crash reproduction and analysis. Discover how these obstacles were overcome, leading to the discovery of 20 new vulnerabilities across six different SAP services. Gain insights into fuzzer selection and modification, test case generation, and crash analysis techniques. Acquire practical knowledge to apply this approach to other complex systems with custom network protocols, potentially uncovering critical remote vulnerabilities. Benefit from the expertise of Yvan Genuer, a Senior Security Researcher at Onapsis with over 15 years of SAP experience, as he shares valuable research findings and methodologies for effective security testing of custom network services.

Syllabus

#HITBCW2021 D2 - When Fuzzing Meets SAP Network Services - Yvan Genuer

Taught by

Hack In The Box Security Conference

Reviews

Start your review of When Fuzzing Meets SAP Network Services

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.