NoSQL Doesn’t Make you NoVulnerable

  • Friday, April 21st, 2017 at 1:00 PM EDT (17:00:00 UTC)
  • Johannes Ullrich
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Overview

SQL injection has long been the most talked about and feared vulnerability in web applications. Because web applications used SQL databases for persistent storage, it provided an easy-to-exploit way to bypass authorization logic and to access and manipulate data. Modern web applications, on the other hand, often avoid SQL databases. Instead, they use a new family of databases, often referred to as "NoSQL", for their speed and simplicity. But with new powers, developers and system administrators protecting web applications must learn about new responsibilities. NoSQL databases often use complex data structures like JSON and XML, so proper serialization techniques and input validation must still be used to keep your data safe. In addition, these databases are often deployed without proper controls. This webcast is aimed not just at developers, but just as much at systems administration and operations staff, who are often tasked with keeping these environments safe. We will discuss some known vulnerabilities common to web applications supported by NoSQL databases, as well as configuration choices and attacks performed against these databases. Coding, configuration choices, and attack detection techniques will all be discussed.

Speaker Bio

Johannes Ullrich

Johannes Ullrich, dean of research at the SANS Technology Institute, is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. His research interests include IPv6, network traffic analysis and secure software development. In 2004, Network World named Johannes one of the 50 most powerful people in the networking industry, and SC Magazine named him one of the top five influential IT security thinkers for 2005. Prior to working for SANS, Johannes served as a lead support engineer for a web development company and as a research physicist.
