
Webcasts

This webcast has been archived.

Modern Web Application Penetration Testing Part 3, NoSQL injection with MongoDB

  • Friday, June 05, 2020 at 10:30 AM EDT (2020-06-05 14:30:00 UTC)
  • Adrien de Beaupré


Overview

NoSQL injection: what it is and what it means in modern web application penetration testing. SQL injection in relational databases is a well-understood and yet still common threat. Modern applications call for modern web application penetration testing techniques; NoSQL can mean NoSecure. Many modern applications can use alternative databases for storage and retrieval; one example is MongoDB, which is part of the MEAN stack. This discussion will cover NoSQL injection, a relatively new attack technique that is as damaging and not as well known. We will do a live demonstration of the attack using nothing but a web browser and a vulnerable application!

View the rest of this series here:

Modern Web Application Penetration Testing Part 1, XSS and XSRF Together

Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks

Speaker Bio

Adrien de Beaupré

Adrien de Beaupré is a Principal SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes course development, technical instruction, vulnerability assessment, and penetration testing. He is a member of the SANS Internet Storm Center (isc.sans.edu) and is actively involved with the information security community.
