Protecting SAP HANA from vulnerabilities and exploits
SAP HANA is considered by SAP to be the most important technology among its offerings including S/4HANA, HANA Cloud Platform and other products, heavily relying on its power to process big data at a fast pace.
It has already been adapted by more than 7,200 customers worldwide including governments, aerospace and defense, automotive and healthcare companies to name a few. Conceived and designed to be the underlying database for every future SAP System, it stores all business-critical information that keeps a company running.
Over the past few years, SAP has included new features in SAP HANA to fulfill their customer???s business needs. However, as a result, these features have increased the platform’s attack surface.
During this presentation, we’ll analyze the evolution of SAP HANA security from its beginning to its latest version, 2.0, which was recently released. Attendees will understand how the platform evolved through architectural changes, and vulnerabilities being addressed by SAP. This presentation will cover the process of vulnerability discovery and evaluation of fixes including some of the critical bugs uncovered by our research team.
Finally, we will share our recommendations for how organizations can protect their SAP HANA platform against attackers, and will provide guidelines for effectively auditing and assessing SAP HANA Systems.