Building

Virtualized Training Environment with Ansible

As Kai and I will be holding a TROOPERS workshop on automation with ansible, we needed a setup for the attendees to use ansible against virtual machines we set up with the necessary environment. The idea was, that every attendee has their own VMs to run ansible against, ideally including one to run ansible from, as we want to avoid setup or version incompatibilities if they set up their own ansible environment on their laptop.  Also they should only be able to talk to their own machines, thus avoiding conflicts because of accidental usage of wrong IPs or host names but also simplify the setup for the users.

Continue reading “Virtualized Training Environment with Ansible”

Continue reading
Events

Diving Into Real-World Security Threats to SAP Systems

This is a guest post by the SAP security experts of BIZEC. Enjoy reading:

On March 20th, the first BIZEC workshop will be held at the amazing Troopers conference in Heidelberg, Germany. For those still unfamiliar with BIZEC: the business application security initiative is a non-profit organization focused on security threats affecting ERP systems and business-critical infrastructures.

The main goals of BIZEC are:

  • Raise awareness, demonstrating that ERP security must be analyzed holistically.
  • Analyze current and future threats affecting these systems.
  • Serve as a unique central point of knowledge and reference in this subject.
  • Provide experienced feedback to global organizations, helping them to increase the security of their business-critical information.
  • Organize events with the community to share and exchange information.

The “BIZEC workshop at Troopers 2012” will dive into the security of SAP platforms. Still to this day, a big part of the Auditing and Information Security industries believe that Segregation of Duties (SoD) controls are enough to protect these business-critical systems.
By attending this session, InfoSec professionals and SAP security managers will be able to stop “flying blind” with regards to the security of their SAP systems. They will learn why SoD controls are not enough, which current threats exist that could be exploited by evil hackers, and how to protect their business-critical information from cyber-attacks.

Attendees can expect a high-dose of technical content covering the latest advances in the SAP security field.

The agenda is really exciting, covering hot topics such as:

  • Real-world cyber-threats to SAP systems, by Mariano Nunez Di Croce (Onapsis)
  • Five years of ABAP Code Reviews – A retrospective, by Frederik Weidemann (VirtualForge)
  • SAP Solution Manager from the hackers point of view, by Ralf Kemp (akquinet)

The workshop will be full of live demonstrations of attacks and discussions on possible mitigation techniques. Furthermore, attendees will have the pleasure of enjoying a great introduction by Gary McGraw, CTO of Cigital and pioneer in software security.

If you want to stay ahead of the threats affecting your SAP platforms, you can’t miss this workshop!

The BIZEC team

Comment by the Insinuator: We’ve prolongued the early-bird period until February 10th. We hope that helps to get your favorite event budgeted 😉


Continue reading