NoSQL Database Attacks
Majid Salehi
Sina Sajadmanesh
Outline
• What is Big Data?
• What is NoSQL?
• NoSQL Vulnerabilities
• Some Attacks
Big Data
• Datasets that are so large or complex that they are difficult to process with traditional database applications.
• 2.5 quintillion (1 followed by 18 zeros) bytes of data are generated every day.
• 72 hours of video are uploaded to YouTube every minute.
• Data of this scale and complexity needs a different approach, different tools and different storage mechanisms, which in turn create similar but distinctly different problems for developers.
NoSQL
• Not Only SQL
• Umbrella term for data management systems that do not use the relational model.
• Identifying NoSQL systems:
  • Generally don’t use tables
  • Generally don’t use SQL for data manipulation
  • Optimised for retrievals and appends
  • Do very little beyond record storage
  • Highly scalable
  • Focused on huge quantities of data where a relational model isn’t required
NoSQL Vulnerabilities
• Schema Injection
• Query Injection
• JavaScript Injection
• Connection Pollution
• Password Bruteforcing
• …
NoSQL Vulnerabilities
Schema Injection
Allows an attacker to insert arbitrary key/value pairs into a stored document.
NoSQL Vulnerabilities
Query Injection
An attacker can insert query operators into the query by sending crafted keys in GET or POST parameters.
NoSQL Vulnerabilities
Server-Side Javascript Injection
// Vulnerable: the untrusted year parameter is concatenated, unescaped,
// into a JavaScript function that MongoDB evaluates server-side via $where.
$query = 'function() {var search_year = \'' . $_GET['year'] . '\';' .
    'return this.publicationYear == search_year || ' .
    ' this.filmingYear == search_year || ' .
    ' this.recordingYear == search_year;}';
$cursor = $collection->find(array('$where' => $query));

Example request that injects JavaScript into the $where function:
http://server/app.php?year=1995';while(1);var%20foo='bar
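As an added example that is not part of the slides, the following Node.js code (assumed function names buildLoginFilter and buildYearFilter) shows the defender-side fix for both the query-injection and the server-side JavaScript injection slides above: request values are type-checked before they reach the MongoDB filter, and the $where function is replaced by a plain operator filter on a validated numeric year.

```javascript
// Added example (not from the slides): input validation that stops
// query-operator injection and avoids server-side JavaScript entirely.
// Function names are assumed; no database driver is needed to run it.

// Reject any value that is not a plain string: an object such as
// {"$ne": ""} sent in a JSON body would otherwise become a query operator.
function requireString(value, name) {
  if (typeof value !== "string") {
    throw new TypeError(`${name} must be a string`);
  }
  return value;
}

// Build a login filter from a parsed request body. The returned object
// only ever contains string equality matches, never operators.
function buildLoginFilter(body) {
  return {
    username: requireString(body.username, "username"),
    password: requireString(body.password, "password"),
  };
}

// Replacement for the $where example: the year is validated as a
// four-digit string, converted to a number and matched with ordinary
// operators, so no user-controlled text is evaluated as JavaScript.
function buildYearFilter(rawYear) {
  if (typeof rawYear !== "string" || !/^\d{4}$/.test(rawYear)) {
    throw new RangeError("year must be four digits");
  }
  const year = Number(rawYear);
  return {
    $or: [
      { publicationYear: year },
      { filmingYear: year },
      { recordingYear: year },
    ],
  };
}

// Constructed sample inputs: a benign login, an operator-injection
// attempt, and the year payload quoted on the slide.
function demo() {
  const ok = buildLoginFilter({ username: "alice", password: "s3cret" });
  let injected = "rejected";
  try { buildLoginFilter({ username: "admin", password: { $ne: "" } }); injected = "accepted"; } catch (e) {}
  let ssjs = "rejected";
  try { buildYearFilter("1995';while(1);var foo='bar"); ssjs = "accepted"; } catch (e) {}
  return { ok, injected, ssjs };
}
```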
NoSQL Vulnerabilities
Connection Pollution
Using CouchDB as example
• RESTful
• Cross-database / pool access
• CouchDB’s global and DB handler
• Example:
  NoSQL.connect(http://couchDB/_restart)
NoSQL Vulnerabilities
Password Bruteforcing
Redis’ AUTH command is not rate limited or restricted in any way.
Questions?
Thanks!