Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Blended Web and Database Attacks on Real-time, In-Memory Platforms

OWASP Foundation via YouTube

Overview

Explore blended web and database attacks on real-time, in-memory platforms in this 49-minute conference talk from AppSecUSA 2014. Dive into the unique security challenges posed by platforms like SAP HANA, where databases, web servers, and application code are optimized for performance. Learn about novel attack vectors, including SQL injection exploiting "TIME TRAVEL" features, server-side JavaScript exploits via SQL queries, and potential vulnerabilities in R programming integration. Discover how traditional attack methods may require adaptation in these environments, including the role of social engineering in SQL injection. Gain insights into assessing and securing these platforms through live demonstrations of vulnerabilities, a reference framework for security professionals, and sample applications highlighting common pitfalls for developers.

Syllabus

Intro
In Memory Computing/IMDB
Reasons
Market Leaders
Main Vendors
What is SAP?
A blended architecture (contd)
Impact of vulnerabilities
SAP HANA Concepts
SQL Injection on HANA
Time travel tables and SQL injection
Countermeasures
Cross Site Scripting
Use Security Features
Attacks to the R-Integration
Calling C++ functions
Conclusions

Taught by

OWASP Foundation

Reviews

Start your review of Blended Web and Database Attacks on Real-time, In-Memory Platforms

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.