How secure is your database? Hacking Postgres with Hathi | Citus Con: An Event for Postgres 2022

In this talk at Citus Con: An Event for Postgres, Anthony Shaw shows you how to attack Postgres servers using Hathi, a free and open-source dictionary attack tool he created. Hathi comes with a custom password list and is used to identify insecure configurations of PostgreSQL and fix them. (The name for the Hathi open source tool was inspired by Colonel Hathi, the elephant in the Jungle Book.) Think your server is secure? We'll see!
Outline of Anthony’s talk in the APAC livestream at Citus Con:

• Overview of Postgres network security
• Common username and password pairing
• Network attack vectors and DMZs
• Using Hathi to test your Postgres servers
• Tips for a more secure Postgres database

Anthony is a Cloud Advocate at Microsoft focused on Python. Anthony works from Sydney, Australia and is a contributor to many open-source communities, running and contributing to several popular open-source tools for DevOps, Security, Automation, and Code Quality. He has been recognized for his contribution to open source, including as Fellow of the Python Software Foundation and member of the Apache Software Foundation. Anthony runs a Python blog and YouTube channel and has recently published a book on the Python compiler.

► Video bookmarks:
⏩ 00:00 Introduction
⏩ 02:21 Network security in Postgres
⏩ 03:09 Typical authentication workflow in Postgres
⏩ 09:16 Can I guess your login?
⏩ 11:47 Can I guess your password?
⏩ 12:40 Using Hathi to hack Postgres
⏩ 13:54 Installing & running Hathi
⏩ 14:39 Demo
⏩ 21:22 How can we solve the network security problem?
⏩ 24:51 Q&A with Anthony & Aaron

Comments

Thank you so much, I wanna use this great DB and this video helps me a lot to make it secure.

ryanisthewind