How to use HANA Persistence Services
Agenda:
SAP HANA Cloud Persistence Service
How to access the SAP HANA DB
What is JPA?
EclipseLink
JPA and SAP HANA DB
Demo & Scenarios
Q&A
Highway to Production Securing the SAP TMS (Onapsis Inc.)
In all SAP implementations there are numerous reasons why organizations would need to make changes and updates; from changes to legislation and compliance mandates to business growth and process evolution. The Transport Management System (TMS) is the backbone for properly executing these changes across a landscape (Dev, QA, PROD, etc). If TMS is not properly secured, a malicious attacker could initiate disruptive and negatively impactful changes to Productive systems.
In this presentation we will explain the main components and capabilities of TMS. We will then detail specific ways in which organizations can increase the protection of their SAP platforms by gaining visibility to the risks and securing TMS.
The presentation is based on the research contained in the latest SAP Security In-Depth publication: SAP TMS: A Highway to Production.
Distributed Object or Remote Method Invocation (RMI) frameworks facilitate the remote invocation of methods and creation of objects between systems. Conceptually RMI frameworks are similar to Remote Procedure Call (RPC) platforms. A main difference is that in RMI the client and the server work with the entire object lifecycle (i.e. creation, destruction) whereas RPC is typically limited to remote methods or procedures. RMI frameworks are interesting because they provide a remote method for object manipulation. Even though Web Services have taken the lead as the de-facto technology for communication in distributed applications, RMI frameworks are still widely used in many applications. Almost every programming language has support for one or, usually, more RMI frameworks. The proliferation of this technology made RMI interfaces very common among all sorts of software, especially across Enterprise Applications, and they constitute a fruitful vector from an attacker's point of view. In this presentation we will discuss the architecture, security features and new vulnerabilities we have detected in two implementations of popular Enterprise RMI frameworks: CORBA and SAP RMI-P4. Through live demonstrations, we will demonstrate novel techniques for remote file read/write, arbitrary database access, session hijacking, and other critical bugs in large enterprise platforms, as well as the countermeasures in order to protect from these threats. We will walk you through the vulnerability research process we performed over these frameworks, enabling you to understand also how these attacks could be extended to other RMI implementations you may encounter.
Unbreakable oracle er_ps_siebel_jd_edwards (Onapsis Inc.)
After a brief introduction into ERP systems such as Oracle Siebel and JD Edwards this presentation will cover attack scenarios that these systems are faced with.
Infospica Consultancy Services headquartered in Technopark, Thiruvananthapuram, Kerala, India provides Digital Communication, Enterprise Software Solutions, Consulting, Infrastructure Management Solutions to our customers across the globe.
We also provide comprehensive and integrated solutions partnering with other top class software & hardware vendors in the industry.
We have a strong team of highly skilled IT experts, catering its global clientele with innovative cost-effective solutions across different industry verticals.
We have been consistent so far and are constantly expanding our boundaries adapting to latest technology needs & trends and evolving business models.
Blended Web and Database Attacks on Real Time In-memory Platforms (Onapsis Inc.)
What is an “in-memory” platform? Usually DBMS rely on disk to store their data, but today there are solutions which store data in memory. Why? Memory is cheap today, there is an increasing amount of data to process, and performance is key. Well-known solutions are Oracle, SQLserver and SAP HANA.
Ezequiel’s research focused on SAP HANA. The solution is based on many components (DB, HTTP server) and provides a nice attack surface. This is a blended architecture. Instead of an application using a DB connection with limited (or unrestricted) access, the application is the same as the database user. User privileges should be restricted at the DB level. This changes the impact of classic attacks:
SQLi are restricted to the user privileges (better)
XSS is more powerful (bad)
After the introduction, some attack vectors against HANA were reviewed. About SQL injections, HANA has a nice feature: history tables. If the user does not delete it, the information remains available! XSS attacks were reviewed as well as integration with the R-Server.
Presentation at the SAP Inside Track Hamburg. Visualizations during software development. Extract Meta-Models for SAP applications. How to make customizable dependency graphs for any computer language where Moose Analysis is used
Design evolution of SAP Business ByDesign - Document Editor (Christian Happel)
This presentation includes screenshots of nearly every ByDesign release so far. Including some very early screenshots of the mockups that we built to validate our use cases and scenarios.
2012 Converge "Wanting to buy from you" Institute of Search, Social and Mobil... (Kevin Cox)
Master the business of social media at CONVERGE 2012 Silicon Valley. Kevin Cox from SAP Marketing speaks about how social has changed selling to customers. “Selling to customers has changed because buying has changed,” Kevin Cox. Institute of Search, Social and Mobile Marketing
Do Visualizations help during development? Using Moose while coding. (ESUG)
First Name: Rainer
Last Name: Winkler
Title: Do Visualizations help during development? Using Moose while coding.
Type: Talk
Youtube: https://youtu.be/0ttLYM1tkek
Abstract: I will discuss how visualizations can help while coding. I explain the intention behind the visualization tool RW-Moose-Diagram (http://www.smalltalkhub.com/#!/~RainerWinkler/RW-Moose-Diagram), which is based on Moose and Roassal. It is used to make dependency diagrams that focus on a certain aspect of an application. It supports comments; elements can be dragged; changes to diagrams can be stored. I speak about the experiences I made while using it with ABAP and Smalltalk. The main intention was to make understanding code easier while working with Legacy code. I also discuss in which cases it can help while working with new applications that have a very high test coverage.
Bio: Rainer Winkler is a developer for SAP applications specialized in SAP tools for reporting. He is interested in software maintenance and in getting Legacy code under control. He works primarily with ABAP and recently enjoyed learning Pharo to utilize Roassal and Moose.
by Wolfgang Krips, Senior Vice President of Global Infrastructure Operations of SAP at the Lean Summit 2010, New Horizons for Lean Thinking on 2/3 November 2010
Data management platform for digital transformation - IDC (SAP Latinoamérica)
“Digital transformation” is the continuous process by which companies adapt to disruptive changes in their customers and markets (the external ecosystem), or drive those changes, by leveraging digital competencies to innovate in new business models.
We make Digital Transformation a reality for SMEs (SAP Latinoamérica)
65% of SMEs believe that technology solutions help them significantly improve business results and/or manage the company better. However, although SMEs want to use technology to improve and transform their businesses, many of them struggle to find the right formula
SAP Labs Latin America has created this social innovation event, which will allow emerging companies, or startups, to develop solutions that seek to solve Latin American social problems related to education, public services, sustainability and social entrepreneurship.
How to achieve a strategic transformation of the banking industry? (SAP Latinoamérica)
In this IDC study, learn about the trends and models that companies in the banking industry will need to follow to complete their digital transformation.
Control of your daily operations is vital to keep innovating in the digital era. At #SAPForum México you can learn the keys that will help you achieve a successful digital transformation of your company. Register! http://spr.ly/61818MYJU
The SAP Executive Summit Norte Tour awaits you; live a digital experience that will open up a world of possibilities for you and your business. Register now and reserve your place:
Hyperconnectivity and new digital trends are changing the needs of businesses and consumers in every industry.
SAP Forum México is the event that brings together the latest technology and business trends, a gathering for getting the most out of what the digital era offers us.
In this seventh edition you will discover all the elements companies need to digitize their core processes and become a business that truly operates live, capitalizing on every opportunity based on reliable data and predictive analytics, for each line of business.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Securing your Kubernetes cluster_ a step-by-step guide to success ! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 (Neo4j)
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
13. SAP HANA is considered a platform because:
a) It requires specific hardware
b) It runs in virtualized environments
c) It incorporates features to store, analyze, predict, understand and share
d) It supports columnar and vertical tables
e) It processes information in real time
14. SAP HANA is considered a platform because:
a) It requires specific hardware
b) It runs in virtualized environments
c) It incorporates features to store, analyze, predict, understand and share
d) Because it supports columnar and vertical tables
e) It is not considered a platform