The Community for Technology Leaders
Green Image
Issue No. 02 - Mar.-Apr. (2016 vol. 14)
ISSN: 1540-7993
pp: 30-39
Aviv Ron , IBM
ABSTRACT
NoSQL data storage systems have become very popular due to their scalability and ease of use. Unfortunately, they lack the security measures and awareness that are required for data protection. Although the new data models and query formats of NoSQL data stores make old attacks such as SQL injections irrelevant, they give attackers new opportunities for injecting their malicious code into the statements passed to the database. Analysis of the techniques for injecting malicious code into NoSQL data stores provides examples of new NoSQL injections as well as Cross-Site Request Forgery attacks, allowing attackers to bypass perimeter defenses such as firewalls. Analysis of the source of these vulnerabilities and present methodologies can mitigate such attacks. Because code analysis alone is insufficient to prevent attacks in today's typical large-scale deployment, certain mitigations should be done throughout the entire software life cycle.
INDEX TERMS
Computer security, Scalability, Browsers, Data storage systems, Distributed databases, Service-oriented architecture, Data models, Forgery, Data protection
CITATION

A. Ron, A. Shulman-Peleg and A. Puzanov, "Analysis and Mitigation of NoSQL Injections," in IEEE Security & Privacy, vol. 14, no. 2, pp. 30-39, 2016.
doi:10.1109/MSP.2016.36
481 ms
(Ver 3.3 (11022016))