NOSQL INJECTION - OWASP

NOSQL INJECTION

FUN WITH OBJECTS AND ARRAYS

Patrick Spiegel

1

MOTIVATION

... with MongoDB we are not building queries

from strings, so traditional SQL injection attacks

are not a problem.

- MongoDB Developer FAQ

2

AGENDA

Scope Attacker Model

Attacks Mitigation

3

SCOPE

4.1

SCOPE - DATABASES

Database Type

Ranking

Document store

5.

Key-value store

9.

Key-value cache

23.

Document store

26.

4.2

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download