Modern Web Application Penetration Testing Part 3, NoSQL injection with MongoDB

  • Webcast Aired Friday, 05 Jun 2020 10:30AM EDT (05 Jun 2020 14:30 UTC)
  • Speaker: Adrien de Beaupre

NoSQL injection: what it is and what it means in modern web application penetration testing. SQL injection in relational databases is a well-understood and yet still common threat. Modern applications call for modern web application penetration testing techniques, because NoSQL can mean NoSecure. Many modern applications can use alternative databases for storage and retrieval; one example is MongoDB, which is part of the MEAN stack. This discussion will cover NoSQL injection, a relatively new attack technique that is just as damaging but not as well known. We will do a live demonstration of the attack using nothing but a web browser and a vulnerable application!

View the rest of this series here:

  • Modern Web Application Penetration Testing Part 1, XSS and XSRF Together
  • Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks