Risky Business #216 -- WebScarab for SAP!

PLUS: First State Superannuation withdraws action against Patrick Webster...
20 Oct 2011 » Risky Business

This week's feature interview is with Ian De Villiers of the South African security firm SensePost.

Ian recently dropped a couple of interesting SAP security tools at 44con in London and ZACon in South Africa.

SAP makes Enterprise Resource Planning (ERP) solutions... CRM, SCM, PLM... you know, all that three-lettered, thick-client enterprise stuff. It's everywhere and, as it turns out, one of the only things that has saved it from thorough examination in the past has been the obscurity of its protocol.

Well, Ian, extending the work of Ukrainian security guy Dennis Yurichev, has written a couple of tools that will let you play around with SAP software. He's written a protocol decoder, SAPcap, and SAProx, which Ian describes as being like WebScarab for the SAP protocol.

Also this week, Adam Boileau and I have a chat about the week's news, PLUS the latest twists in the First State Superannuation saga.