Pentesting NoSQL DB's Using NoSQL Exploitation Framework
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore pentesting techniques for NoSQL databases in this 36-minute conference talk from 44CON Information Security Conference. Delve into the security implications of NoSQL adoption, focusing on MongoDB, CouchDB, and Redis. Learn about injection attacks, JavaScript exploitation, and automated testing using the NoSQL Exploitation Framework. Discover architectural vulnerabilities, attack vectors, and security issues specific to each database type. Gain insights into database cloning, enumeration attacks, and denial of service techniques. Understand the importance of securing NoSQL implementations and stay updated on emerging threats in this rapidly evolving field.
Syllabus
Intro
Agenda
No Sequel Databases
Why NoSQL
NoSQL Snapshot
NoSQL Key Points
MongoDB
Architecture
JavaScript
Mapping
Demo
Database Object in Mongo
JavaScript Techniques
JavaScript Injection Attacks
Saving JavaScript
Load JavaScript Function
Associative Array
Resource Exceptional MongoDB
CouchDB
CouchDB Architecture
CouchDB Attacks
Admin Parties
Cross Side Port Attack
Enumeration Attack
PHP on Couch
Query
All Docs
Redis
Redis Key Features
Attacks
Lua Scripting
Key Points
Script Kill
Denial of Service Attack
Rename Command
Rewrite Command
Enumeration
Security Issues
Source Command
Java
NoSQL
NoSQL Framework
Key Features
Database Cloning
Future Updates
Taught by
44CON Information Security Conference
Related Courses
Programming LanguagesUniversity of Virginia via Udacity Building a Basic Website
University of Massachusetts Amherst via Independent iDESWEB, Introducción al desarrollo web
MirÃadax Web Engineering II: Developing Mobile HTML5 Apps
Technische Hochschule Mittelhessen via iversity Web Application Architectures
University of New Mexico via Coursera