Overview
Explore the critical aspects of securing HANA-based deployments in this 47-minute conference talk. Delve into various vulnerability types, HANA adoption trends, and specific security vulnerabilities associated with HANA. Examine the ACP Cyber Security Study and gain insights from HANA consulting experiences. Investigate HANA's internal architecture, user privileges, and discovery methods. Analyze technical details including HTTP and SQL interfaces, TRex components, and communication protocols. Learn about critical vulnerabilities, their impact, and effective protection strategies. Discover solutions for securing HANA and safeguarding admin credentials. Conclude with key takeaways for maintaining robust security in HANA-based environments.
Syllabus
Intro
Agenda
Company overview
Our background
Different types of vulnerabilities
HANA adoption
HANA security vulnerabilities
ACP Cyber Security Study
HANA Consulting
Research
Internals
Architecture
User Privilege
How to discover a HANA
Technical details
HTTP interface
SQL interface
TRex Net
TRex Host
TRex Communications
TLS or SSL
Critical vulnerabilities
What happened
How do we protect
Is it possible
Admin credentials
Solution
Securing HANA
Conclusions
Taught by
WEareTROOPERS