Nuñez Di Croce's company plans later this month to release a tool that will check to ensure applications within the database haven't been tampered with. The tool is called the Onapsis Integrity Analyzer for SAP.

It creates a hash value, or a unique numerical identifier based on the source code for applications. If the tool scans an application later and it has a different hash value, it may have been tampered with, indicating a backdoor, Nuñez Di Croce said.

Nuñez Di Croce's presentation will be in Black Hat's application security track. The conference will have two other tracks, one focusing on the "big picture" security issues and one dedicated to hardware, according to the