Attacks on SAP HANA Platform

Presented at 44CON 2016, Unknown date/time (Unknown duration)

Companies nowadays are choosing between on-premise, cloud and hybrid deployment models. The common factor across all of these scenarios is the underlying platform, used in the background to run all on-premise and cloud-based applications developed by SAP. This platform is called SAP HANA, which is an in-memory database integrated with an application server that provides a new paradigm for vulnerabilities and risks, serving an increasing number of business applications, providing cutting edge features and overwhelming performance. With the rise of IoT, many features and interfaces are integrated into SAP HANA and the HANA Cloud Platform, enabling it as a central point for IoT communications and making it an interesting target for anyone trying to access the information of several millions of devices across the world. Vulnerabilities affecting SAP HANA now have an increased attack surface, as these could be abused to compromise many diverse deployments and many customers, if the customers are not properly taking care of these risks. Join us for this presentation to learn about diverse attack vectors affecting current SAP solutions, on-premise and cloud-based. You will not only learn technical details about these vulnerabilities, but also understand how to prevent and detect attacks to our crown jewels, running on HANA.

Presenters:

• Nahuel Sanchez
• Juan Perez-Etchegoyen

Similar Presentations:

• TROOPERS18 (2018) / Hacking and Securing SAP Hana Applications from a Penetration Testers Point of View
• TROOPERS17 (2017) / Protecting SAP HANA from vulnerabilities and exploits
• TROOPERS16 (2016) / Preventing vulnerabilities in HANA-based deployments