Friday, July 1 • 15:00 - 15:45
Big problems with big data - Hadoop interfaces security


Did "cloud computing" and "big data" buzzwords bring new challenges for security testers? 
In this presentation I would like to show that penetration testing of a Hadoop installation does not really differ much from testing any other application. Apart from the complexity of the installation and the number of interfaces, standard techniques can be applied to test for web application vulnerabilities, SSL security, encryption at rest, bugs in obsolete libraries and adherence to the least privilege principle.
We tested popular Hadoop environments and found a few critical vulnerabilities, which certainly cast a shadow on big data security. So as not to stop at CVE shooting, we would like to show you our approach to testing big data installations and a few ideas on how to keep them secure.

Outline: 
- big data installations architecture 
- attack vectors and surfaces 
- least privilege principle in popular Hadoop environments 
- more detailed attack vectors and possible risks: obsolete packages in popular Hadoop environments, vulnerabilities in web interfaces 
- more focus on administrative interfaces (Ranger, Ambari, Hue) 
- problems with user interfaces (e.g. Hue) 
- hints for pentesting Hadoop installations 
- hints for securing Hadoop installations

Speakers

Jakub Kaluzny

Sr. IT Security Consultant, SecuRing
Jakub is a Senior IT Security Consultant at SecuRing and performs penetration tests of high-risk applications, systems and devices. He has spoken at many international conferences (BlackHat Asia, OWASP AppSec EU, PHdays, HackInTheBox, ZeroNights) as well as at local security events. He previously worked for the European Space Agency and an internet payments intermediary. Apart from testing applications, he digs into proprietary network protocols...


Friday July 1, 2016 15:00 - 15:45
Room C (Tiziano Ballroom Sec. 2)
