YoVDO

Blended Web and Database Attacks on Real-time, In-Memory Platforms

Offered By: OWASP Foundation via YouTube

Tags

Web Security Courses R Programming Courses SAP HANA Courses SQL Injection Courses In-Memory Databases Courses Server-side JavaScript Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore blended web and database attacks on real-time, in-memory platforms in this 49-minute conference talk from AppSecUSA 2014. Dive into the unique security challenges posed by platforms like SAP HANA, where databases, web servers, and application code are optimized for performance. Learn about novel attack vectors, including SQL injection exploiting "TIME TRAVEL" features, server-side JavaScript exploits via SQL queries, and potential vulnerabilities in R programming integration. Discover how traditional attack methods may require adaptation in these environments, including the role of social engineering in SQL injection. Gain insights into assessing and securing these platforms through live demonstrations of vulnerabilities, a reference framework for security professionals, and sample applications highlighting common pitfalls for developers.

Syllabus

Intro
In Memory Computing/IMDB
Reasons
Market Leaders
Main Vendors
What is SAP?
A blended architecture (contd)
Impact of vulnerabilities
SAP HANA Concepts
SQL Injection on HANA
Time travel tables and SQL injection
Countermeasures
Cross Site Scripting
Use Security Features
Attacks to the R-Integration
Calling C++ functions
Conclusions


Taught by

OWASP Foundation

Related Courses

Introduction to SAP HANA Cloud Platform
SAP Learning Introduction to Software Development on SAP HANA
SAP Learning SAP Business Suite powered by SAP HANA
SAP Learning An Introduction to SAP HANA
SAP Learning Next Steps in SAP HANA Cloud Platform
SAP Learning