Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Pentesting NoSQL DB's Using NoSQL Exploitation Framework

44CON Information Security Conference via YouTube

Overview

Explore pentesting techniques for NoSQL databases in this 36-minute conference talk from 44CON Information Security Conference. Delve into the security implications of NoSQL adoption, focusing on MongoDB, CouchDB, and Redis. Learn about injection attacks, JavaScript exploitation, and automated testing using the NoSQL Exploitation Framework. Discover architectural vulnerabilities, attack vectors, and security issues specific to each database type. Gain insights into database cloning, enumeration attacks, and denial of service techniques. Understand the importance of securing NoSQL implementations and stay updated on emerging threats in this rapidly evolving field.

Syllabus

Intro
Agenda
No Sequel Databases
Why NoSQL
NoSQL Snapshot
NoSQL Key Points
MongoDB
Architecture
JavaScript
Mapping
Demo
Database Object in Mongo
JavaScript Techniques
JavaScript Injection Attacks
Saving JavaScript
Load JavaScript Function
Associative Array
Resource Exceptional MongoDB
CouchDB
CouchDB Architecture
CouchDB Attacks
Admin Parties
Cross Side Port Attack
Enumeration Attack
PHP on Couch
Query
All Docs
Redis
Redis Key Features
Attacks
Lua Scripting
Key Points
Script Kill
Denial of Service Attack
Rename Command
Rewrite Command
Enumeration
Security Issues
Source Command
Java
NoSQL
NoSQL Framework
Key Features
Database Cloning
Future Updates

Taught by

44CON Information Security Conference

Reviews

Start your review of Pentesting NoSQL DB's Using NoSQL Exploitation Framework

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.