Hacking & Defending SAP Applications Live: Clean Core, Dark Shadows

In this episode, we present two high-stakes threat scenarios, based on real-world incidents,  that every SAP customer must prepare for:

• The Trojan Horse: We go deep into the ABAP core to show how a rogue developer or contractor can bypass standard checks to insert a sophisticated backdoor in an ABAP program. By injecting a few lines of malicious code, the actor secures SAP_ALL privileges, allowing them to modify financial records and master data in production while bypassing compliance controls.

• The BTP Blindspot: We demonstrate how an innocent developer mistake in a custom BTP application, such as an insecure API endpoint or a broken authentication check, becomes an open door to the core of the business. Watch as an attacker exploits this flaw without any credentials to silently exfiltrate sensitive enterprise data.