Onapsis - RECON and other SAP vulnerabilities
September 25, 13:00-14:00
SAP’s July Security Notes included a fix for a critical vulnerability which has been named RECON. Successfully exploiting RECON could give an unauthenticated attacker full access to the affected SAP system, including the ability to modify financial records, view personal identifiable information (PII), corrupt data, delete or modify logs and traces, and other actions that put essential business operations and regulatory compliance at risk. Note that on the Common Vulnerability Scoring System (CVSS) RECON has been classified as 10, the maximum vulnerability score.
The Onapsis Research Labs first identified this vulnerability in May 2020 and has worked closely with the SAP Security Response Team on a mitigation strategy. By attending this webinar, you will learn:
- Details of the RECON vulnerability
- The business impact
- Why patching SAP is so important
- Recommendations for keeping SAP protected
- How to protect your SAP system from future threats
Presented by:
Frederik Weidemann
Onapsis Inc.
Frederik is a cybersecurity expert and Chief Technical Evangelist at Onapsis. He presented over 50 times at SAP and security related conferences like RSA, Troopers, SAPPHIRE, TechEd, SAP Insider, ASUG, DSAG, and OWASP. He has focused on SAP Security for the last fourteen years and is the co-author of the first book on Secure ABAP Programming. Frederik also frequently writes articles on SAP security and has found numerous zero-day defects in business-critical applications.
The event was evaluated Fantastic = 6,5 on a scale 1-7.
Recording: [slides]
Contact Martin if you have questions or comments.
Martin Brownsword
Head of Innovation Team IT, HANA, Projects
SBN - SAP Brukerforening i Norge
mb@adfahrer.com
+47 917 11 593
Tags: it, hana, projects, onapsis
Number of participants: 31
-
Sakthivel SivaguruBouvet
-
Øyvind NordangBouvet
-
Febrianti WibawaCapgemini
-
Joachim KalandOrkla
-
Tor Einar JørgensenHelse Midt-Norge
-
Thomas Bladh1DigitalTrust
-
Donnie Lund1DigitalTrust
-
Piotr CieslewiczEFF
-
Andreas MoosPwC
-
Paul HemelsoetStatkraft AS
-
Trygve LeivestadOrkla IT AS
-
Simon RudkinAibel AS
-
Satkardeep SinghHCL
-
Hildegunn HaugestølElkjøp
-
Amund Skaar-HvalCapgemini
-
Sonja Hennie HansenHelse Midt-Norge
-
Knut SellisethHelse Midt Norge
-
Eigil Bjelde JensenNorske Skog AS
-
Yngve KarlsenAker BP
-
Lenny HidalgoKPMG
-
Sarmad Reda1DigtialTrust
-
Troels Lindgaard1DigitalTrust
-
Eva-Maria FahrerSBN-Adfahrer
-
Jan Peter KochStatkraft AS
-
Therese MalchoNets Denmark A/S
-
Jurijs TolokoncevsZalaris ASA
-
Lars Grorudelkjop
-
Diwakar ThanikachalamZalaris ASA
-
Martin BrownswordSBN-Adfahrer
-
Jens Petter KarlsenAccenture AS
-
Peter Jaegeritelligence Nordic