Owning SAP ASE: Chained Database Attack

  • Thursday, April 23, 2015 | 8:00 AM – 8:50 AM | West | Room: 3018

View all Sessions

A few vulnerabilities chained together will allow anyone with a network connection to a database server, to get complete control over it. We will go over a specific example using SAP ASE 15.7 and 16.0 as targets. Advanced vulnerabilities will be shown. Following application development best practices is not enough. DBAs must keep databases patched, deploy only required functionality and perform frequent audits.


This document was retrieved from on Mon, 25 Mar 2019 20:27:49 -0400.