NoSQL Is Not NoVulnerable - Exploring Security Risks in NoSQL Databases

Explore the vulnerabilities of NoSQL databases in this informative conference talk from AppSecUSA 2017. Delve into how modern web applications using NoSQL databases, while potentially less susceptible to traditional SQL injection attacks, face new security challenges. Learn about the different query languages and complex data types used in NoSQL databases, and how these features can lead to new classes of vulnerabilities. Discover how limitations in security and access controls in NoSQL databases compared to traditional SQL databases can expose applications to risks. Examine specific attacks that exploit complex data types like JSON to bypass application-level access controls. Gain insights from Johannes Ullrich, Dean of Research at the SANS Technology Institute, as he surveys popular NoSQL databases and compares the threats applications may face when using these systems.