Securing Enterprise Business Applications such as SAP systems poses a large set of challenges. Most companies have been passing through and maturing on how to adopt cryptography and encryption on these systems. However, this opens the door for new challenges. The protection of critical data and processes needs to consider the processes for storing and protecting cryptographic material in a secure way across large distributed systems.
Following on with our research presented last year at Troopers 2017, where we described some of the inner-workings of the SNC protocol and demonstrated practical attacks against misconfigured but common scenarios, this year at Troopers 2018 we’ll dig into how SAP’s cryptographic library protects secrets. In the session, we’ll share some details about how the different protection mechanisms for crypto secrets (certificates, private keys, etc.) are implemented and the actual security level they provide.
With this talk, we hope to give both defenders and attackers some tools and knowledge on how to identify and address risks associated to the storage and protection of sensitive material, such as encryption or signature keys used in critical business process or for protecting communications.
Join us for the talk in Heidelberg on March 14th for a chance to hear more from Martin Gallo, Product Owner at Core Security.