Overview
Explore the unique security challenges and attack vectors in real-time, in-memory platforms through this 56-minute Black Hat conference talk. Delve into blended web and database attacks, focusing on SAP HANA as an example. Learn about novel SQL injection techniques exploiting "TIME TRAVEL" features, server-side JavaScript exploits via SQL queries, and potential R programming environment vulnerabilities. Understand how social engineering can become crucial in SQL injection attempts. Witness live demonstrations of newly discovered vulnerabilities and gain insights into protecting these platforms. Acquire a reference framework for security assessments and access sample vulnerable applications to avoid common security pitfalls in development. Recommended for those with a basic understanding of web application and database security concepts.
Syllabus
Intro
Company Introduction
Agenda
In-Memory Databases
Innovation
Vendors
CP Systems
SAP HANA
Blended Architecture
SQL Injection
Programming Languages
Creating New Applications
SQL Injection Demo
Time Travel
History Tables
SQL Injections
Concern Measures
Cross-site Scripting
Recommendations
Our Server Integration
Control Measures
Cheat Sheet
Conclusions
Thanks
Taught by
Black Hat