One Day Left to Get an iPad Pro w/ Smart Keyboard, HP ProBook, or $350 Off with OnDemand and vLive Training!

Dublin 2017

Dublin, Ireland | Mon, Sep 11 - Sat, Sep 16, 2017
This event is over,
but there are more training opportunities.

Pwning NoSQL Applications for Fun and Profit

  • Bojan Zdrnja
  • Tuesday, September 12th, 6:00pm - 7:00pm

In last couple of years, NoSQL databases became the main database used by many web developers. Together with popular stacks, such as the MEAN stack (MongoDB, Express.js, Angular.js and Node.js), NoSQL databases are increasingly popular since such stacks support both client and server side programs written in JavaScript, allowing easy development. The core database used by the MEAN stack, MongoDB, is a NoSQL database program that uses JSON-like documents with dynamic schemas allowing huge flexibility. Although NoSQL databases are not vulnerable to standard SQL injection attacks, they can be exploited with various injection vulnerabilities depending on creation of queries, which can even include user-defined JavaScript functions. This presentation will demonstrate how applications that use NoSQL databases can be exploited through NoSQL injection in order to retrieve data from the database and do even more.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Tuesday, September 12
Session Speaker Time Type
Pwning NoSQL Applications for Fun and Profit Bojan Zdrnja Tuesday, September 12th, 6:00pm - 7:00pm SANS@Night
Hands on Hacking Chris Dale Tuesday, September 12th, 7:00pm - 8:00pm SANS@Night