YoVDO

Pentesting NoSQL DB's Using NoSQL Exploitation Framework

Offered By: 44CON Information Security Conference via YouTube

Tags

44CON Courses Javascript Courses Ethical Hacking Courses MongoDB Courses Redis Courses NoSQL Databases Courses Database Security Courses

Course Description

Overview

Explore pentesting techniques for NoSQL databases in this 36-minute conference talk from 44CON Information Security Conference. Delve into the security implications of NoSQL adoption, focusing on MongoDB, CouchDB, and Redis. Learn about injection attacks, JavaScript exploitation, and automated testing using the NoSQL Exploitation Framework. Discover architectural vulnerabilities, attack vectors, and security issues specific to each database type. Gain insights into database cloning, enumeration attacks, and denial of service techniques. Understand the importance of securing NoSQL implementations and stay updated on emerging threats in this rapidly evolving field.

Syllabus

Intro
Agenda
No Sequel Databases
Why NoSQL
NoSQL Snapshot
NoSQL Key Points
MongoDB
Architecture
JavaScript
Mapping
Demo
Database Object in Mongo
JavaScript Techniques
JavaScript Injection Attacks
Saving JavaScript
Load JavaScript Function
Associative Array
Resource Exceptional MongoDB
CouchDB
CouchDB Architecture
CouchDB Attacks
Admin Parties
Cross Side Port Attack
Enumeration Attack
PHP on Couch
Query
All Docs
Redis
Redis Key Features
Attacks
Lua Scripting
Key Points
Script Kill
Denial of Service Attack
Rename Command
Rewrite Command
Enumeration
Security Issues
Source Command
Java
NoSQL
NoSQL Framework
Key Features
Database Cloning
Future Updates


Taught by

44CON Information Security Conference

Related Courses

操作系统与虚拟化安全
Peking University via Coursera Intro to Relational Databases
Udacity SQL Server数据库技术
Xi'an Jiaotong University via Coursera Provisioning Databases in Azure and SQL Server
Microsoft via edX Databases in Azure
Microsoft via edX