Explore SAP vulnerabilities, credit card security, and business process attacks in this Black Hat conference talk. Dive into core attack vectors, learn how to determine and manipulate victim bank accounts, and understand credit card processing in SAP systems. Discover methods for accessing cleartext cardholder information and decrypting encrypted credit card numbers. Examine external vendor payment solutions and their connectivity. Gain insights into implementing holistic security processes and automation to protect SAP environments. Equip yourself with knowledge on SAP security best practices and potential threats in this comprehensive 44-minute presentation.
SAP, Credit Cards, and the Bird That Knows Too Much
Overview
Syllabus
Intro
Attacking the Core
Attack Vectors
How can it be attacked?
What is a Business Process?
Example: Attacking the Business Processes
Determining Victim Bank Accounts
Changing the Bank Accounts
End of Chapter!
Credit Card Processing on SAP
Credit Card Data
Accessing Cleartext Cardholder information
Free Tool? - Sapsucker
Decrypting Encrypted Credit Card Numbers
External Vendors for Payment Solutions
Standard Concept
External Payment Card Interface Connectivity
Address The Complete Picture
Implement a Holistic Process to Stay Secure
Automate it
The Menu of SAP Security
Taught by
Black Hat
