Cybersecurity skills shortage soars nearing 3 million. Keep your skills current. Train with SANS.


To attend this webcast, login to your SANS Account or create your Account.

Injecting a node.js app using NoSQL and Query Selector Injection

  • Thursday, September 15th, 2016 at 1:00 PM EDT (17:00:00 UTC)
  • Aaron Cure
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


Your application connects to a backend database server. Traditionally we look for SQL Injection and similar issues. What do we do with a NoSQL database? How do we protect it?

In the upcoming node.js on demand course author Aaron Cure will introduce students to application security concepts and practices, as well as specific issues and mitigations in the node.js framework.

Students will investigate topics such as HTML local data storage, CSRF, and rate limiting brute force attacks in node.js applications. In a series of labs they will protect vulnerable web applications and services using AppSec "best practices" as well as libraries and tools in the node.js environment. In this webcast, Aaron will review SQL Injection in Node.js apps against modern NoSQL databases?

Speaker Bio

Aaron Cure

Aaron is a senior security consultant at Cypress Data Defense and an instructor and contributing author for the DEV544 Secure Coding in .NET course. After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. He also has experience developing security tools, performing secure code reviews, vulnerability assessments, and penetration testing, as well as risk assessments, static source code analysis, and security research. Aaron holds the GIAC GSSP-.NET, GWAPT, GMOB, and CISSP certifications and is located in Arvada, CO. Outside the office Aaron enjoys boating, travel, and playing hockey.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.