SAP, a key player in global commerce, serves top companies worldwide. However, SAP systems are vulnerable to cyber-attacks, risking financial loss, IP theft, and more. Regular security assessments, like penetration testing, are crucial for mitigation. Yet, there's a shortage of skilled professionals for this. Open-source tools are limited, hindering effective vulnerability identification. This training aims to familiarize the audience with SAP security testing and covers SAP Logon/GUI, a seemingly complex aspect. The presenter introduces "OWASP SAPKiln," an open-source GUI tool simplifying security checks using SAP Logon/GUI. It automates over 70 checks via SAP scripting, aiding security researchers in safeguarding SAP systems.

Speaker's Bio

Alex Neelankavil Devassy is a seasoned Cyber Security Consultant with over 5 years of extensive experience in penetration testing, security consultancy, and cyber security training. With a strong background in conducting security assessments, Alex specializes in penetration testing of various systems, including commercial off-the-shelf Web Applications, Network, Mobile, and Thick client applications. With a focus on emerging technologies, Alex is dedicated to developing methodologies, tools, presentations, and learning materials for security assessments of Blockchain and SAP systems. His expertise extends to automating pen testing activities using Azure Serverless modules, PowerShell, Nodejs, Docker, and other cutting-edge technologies. Alex's achievements include co-authoring the chapter "Safeguarding Blockchains from Adversarial Tactics" in the book "Blockchain for Industry 4.0: Emergence, Challenges, and Opportunities." He had also shared his knowledge as a speaker at hacking and cyber security conference c0c0n 15th, where they delved into the topic of "Hyperledger Fabric & Ethereum Apps: Security Deep Dive." Additionally, Alex has delivered talks on "Blockchain Security" at OWASP Tunisia and Kerala chapters.