


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Injecting a node.js app using NoSQL and Query Selector Injection

  • Thursday, September 15, 2016 at 1:00 PM EDT (2016-09-15 17:00:00 UTC)
  • Aaron Cure




Your application connects to a backend database server. Traditionally we look for SQL Injection and similar issues. What do we do with a NoSQL database? How do we protect it?

In the upcoming node.js on-demand course, author Aaron Cure will introduce students to application security concepts and practices, as well as specific issues and mitigations in the node.js framework.

Students will investigate topics such as HTML local data storage, CSRF, and rate limiting brute force attacks in node.js applications. In a series of labs, they will protect vulnerable web applications and services using AppSec "best practices" as well as libraries and tools in the node.js environment. In this webcast, Aaron will review SQL Injection in Node.js apps against modern NoSQL databases.

Speaker Bio

Aaron Cure

Aaron is a senior security consultant at Cypress Data Defense and an instructor and contributing author for the DEV544 Secure Coding in .NET course. After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician, he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. He also has experience developing security tools, performing secure code reviews, vulnerability assessments, and penetration testing, as well as risk assessments, static source code analysis, and security research. Aaron holds the GIAC GSSP-.NET, GWAPT, GMOB, and CISSP certifications and is located in Arvada, CO. Outside the office, Aaron enjoys boating, travel, and playing hockey.

