Blended Web and Database Attacks on Real-Time, In-Memory Platforms

Presented at Black Hat Europe 2014, Oct. 16, 2014, 5 p.m. (60 minutes)

It is well known that there is a race going on in the "Big Data" arena (take a drink for even thinking about the "Internet of Things"). Among the stronger competitors in the "Big Data" market are Real-Time, In-Memory Platforms. An interesting thing about this kind of platform, and about the one we will talk about specifically, is that it blends everything to increase performance. The database tables, webserver engine, webserver code, authorization, analytics engine, libraries, etc. are all optimized to never touch the disk if possible. Surprisingly, this causes a perspective shift for the web and database application threat landscape and for how security professionals should address it. For example:


Presenters:

  • Willis Vandevanter - Onapsis, Inc.
    Will Vandevanter is a Senior Security Researcher at Onapsis, where he focuses on Enterprise security. He has discovered numerous critical vulnerabilities in SAP and other enterprise software. Prior to Onapsis, Will was the Lead Penetration Tester at Rapid7. He has previously spoken at DEF CON, BSides LV, SOURCE Barcelona, and a number of other conferences. Will holds a bachelor's degree in Mathematics and Computer Science from McGill University and a master's degree in Computer Science with a focus in Secure Software Engineering from James Madison University.
  • Juan Perez-Etchegoyen - Onapsis Inc.
    JP is the CTO of Onapsis, leading the Research & Development teams that keep the Company at the cutting edge of the ERP security industry. JP is responsible for the design, research and development of Onapsis' innovative software solutions, Onapsis X1 and Onapsis IPS, as well as the Company's future products. As the founder of the Onapsis Research Labs, Juan is actively involved in the coordination and research of critical security vulnerabilities in ERP systems and business-critical applications, such as SAP, Oracle and JD Edwards. He is also credited with being the first to present on advanced threats to Oracle JD Edwards applications, having discovered numerous critical vulnerabilities in this platform. As a result of his innovative research work, Juan has been invited to deliver trainings and presentations at some of the most renowned security conferences in the world, such as Black Hat, OWASP, DeepSec and HackInTheBox, among others, as well as to host private trainings for Global Fortune-100 organizations. Finally, JP is the lead trainer of the Black Hat 2014 Training: ERP Security: Assess, Exploit and Defend SAP Platforms.
