How secure is SAP (NYSE: SAP)? That’s a question that security researcher Alexander Polyakov set out to answer during a session at the Black Hat security conference last week.
Polyakov is the CTO of security firm ERPscan, with a specific area of security research into ERP systems. During his presentation, Polyakov identified the potential attack surface for SAP applications, which includes both internal and external threats. In Polyakov’s view, attackers are most interested in remote attacks that don’t require local access.
The root cause of SAP insecurity, according to Polyakov’s research, comes from the use of Java.
“The Java engine is the black hole of SAP security,” Polyakov said during his Black Hat session.