Showing 1–1 of 1 results for author: Bronshtein, E

No SQL, No Injection? Examining NoSQL Security

Authors: Aviv Ron, Alexandra Shulman-Peleg, Emanuel Bronshtein

Abstract: NoSQL data storage systems have become very popular due to their scalability and ease of use. This paper examines the maturity of security measures for NoSQL databases, addressing their new query and access mechanisms. For example the emergence of new query formats makes the old SQL injection techniques irrelevant, but are NoSQL databases immune to injection in general? The answer is NO. Here we p… ▽ More NoSQL data storage systems have become very popular due to their scalability and ease of use. This paper examines the maturity of security measures for NoSQL databases, addressing their new query and access mechanisms. For example the emergence of new query formats makes the old SQL injection techniques irrelevant, but are NoSQL databases immune to injection in general? The answer is NO. Here we present a few techniques for attacking NoSQL databases such as injections and CSRF. We analyze the source of these vulnerabilities and present methodologies to mitigate the attacks. We show that this new vibrant technological area lacks the security measures and awareness which have developed over the years in traditional RDBMS SQL systems. △ Less

Submitted 12 June, 2015; originally announced June 2015.

Comments: In Proceedings of the 9th Workshop on Web 2.0 Security and Privacy (W2SP) 2015