Main Page

From Bizec.org - The Business Security Community

BIZEC - Mission

The business application security initiative (BIZEC.org) is a non-profit organization that focuses on security defects in business applications. These applications are responsible for processing and managing the most critical business information and processes, which makes their protection a key subject for private, governmental and defense organizations around the globe.

To this day, many security professionals believe that ERP security is synonymous with "Segregation of Duties". While functional security is highly important, there are many other threats which imply higher levels of risk and are not usually properly assessed. The work of BIZEC is centered on risk rather than on technical details. This enables organizations to understand the impact of application security vulnerabilities and prioritize their mitigation accordingly.

The main goals of BIZEC are:

  • Raise awareness, demonstrating that ERP security must be analyzed holistically.
  • Analyze current and future threats affecting these systems.
  • Serve as a unique central point of knowledge and reference in this subject.
  • Provide experienced feedback to global organizations, helping them to increase the security of their business-critical information.
  • Organize events with the community to share and exchange information.

BIZEC does not endorse or recommend commercial products or services, so that it remains a vendor-independent community and provides the best available information free of commercial bounds and restrictions.

Upcoming Events

We are proud to announce the first BIZEC event!

On March 20, 2012 the BIZEC workshop "SAP Security – Vulnerabilities, Exploits & Remediation" [1] will take place as part of the Troopers12 IT-security Conference in Heidelberg, Germany [2].

The agenda is really exciting, covering hot topics such as:

  • Real-world cyber-threats to SAP systems, by Mariano Nunez Di Croce (Onapsis)
  • Five years of ABAP Code Reviews – A retrospective, by Frederik Weidemann (VirtualForge)
  • SAP Solution Manager from the hackers point of view, by Ralf Kemp (akquinet)

Take part in the Troopers12 BIZEC Challenge!

Make sure to join us in Heidelberg!

BIZEC SAP Project

Since SAP is the dominant ERP vendor, BIZEC’s first project focuses on issues affecting the security of SAP business applications. BIZEC describes several SAP Security Features built into the SAP Standard that are designed to achieve the SAP protection goals. It's important to understand which features are in place and which protection goals are important in your business context.

As SAP solutions comprise several technological and business layers, we have structured the content accordingly to provide organized and useful information. Currently, the SAP project is composed of the following subprojects:

  • BIZEC APP11: Top security defects affecting custom ABAP applications.
  • BIZEC TEC11: Top security defects affecting the technological components of SAP implementations.

BIZEC Contribution

Since we are strongly convinced that the discipline of business application security is still in its infancy, there is still much research to be done. Thus we encourage individuals and companies to support this project.

For details on how to join BIZEC, please visit the "How to become a Member" section of the Members page.

Join BIZEC. Contribute.
