Did "cloud computing" and "big data" buzzwords bring new challenges for security testers? In this presentation I would like to show that penetration testing of Hadoop installation does not really differ much from any other application. Apart from complexity of the installation and number of interfaces, standard techniques can be applied to test for: web application vulnerabilities, SSL security, encryption at rest, obsolete libraries bugs and least privilege principle. We tested popular Hadoop environments and found few critical vulnerabilities, which for sure cast a shadow on big data security. So as not to stop with CVE shooting, we would like to show you our approach of testing big data installations and few ideas of how to keep them secure.
Język prezentacji: angielski