NoSQL Injections: Moving Beyond 'or '1'='1'

DerbyCon 4.0 - Family Rootz

Presented by: Matt Bromiley
Date: Friday September 26, 2014
Time: 14:00 - 14:25
Location: Stable Talks

Gone are the days of SELECT *… Hadoop, Mongo, Elasticsearch. NoSQL databases are all the rage these days, as companies migrate some, if not all, of their data to these new storage types. As infosec practitioners encounter these bad boys, we need to know what to do with them. This talk will combine viewpoints of NoSQL injections and the footprints left behind. Using MongoDB as an example, attendees will be shown basic Mongo operations and through log analysis, determine which operations are logged and which are not. We’ll then build up our NoSQL injection skills, making Mongo and Elasticsearch sing. Attendees should be prepared to learn some neat NoSQL tricks, and proceed comfortably knowing what’s logged and what’s not.

Matt Bromiley

