NoSQL Database Attacks
Majid Salehi, Sina Sajadmanesh

Outline
• What is Big Data?
• What is NoSQL?
• NoSQL Vulnerabilities
• Some Attacks

Big Data
• Datasets that are so large or complex that they are difficult to process with traditional database applications.
• About 2.5 quintillion (2.5 × 10^18) bytes of data are generated every day.
• 72 hours of video are uploaded to YouTube every minute.
• Data of this scale and complexity needs a different approach, different tools and different storage mechanisms, which create similar but distinctly different problems for developers.

NoSQL
• "Not Only SQL"
• Umbrella term for data management systems that do not use the relational model.
• Identifying NoSQL systems:
  - Generally don't use tables
  - Generally don't use SQL for data manipulation
  - Optimised for retrieves and appends
  - Do very little other than record storage
  - Highly scalable
  - Focused on huge quantities of data where a relational model isn't required

NoSQL Vulnerabilities
• Schema Injection
• Query Injection
• JavaScript Injection
• Connection Pollution
• Password Bruteforcing
• ...

Schema Injection
• Allows an attacker to insert arbitrary key/value pairs into a document: when the parsed request body is stored as-is, every key the client sends ends up in the stored record, including fields the application never meant the user to set.

Query Injection
• An attacker can insert query operators into the query by GETing or POSTing keys: a parameter bound into the query unchanged is interpreted as an operator object rather than as a plain value (for example a password of {"$ne": ""} instead of a string).

Server-Side JavaScript Injection
• A $where query built by string concatenation from a request parameter (PHP, MongoDB driver):

    $query = 'function() {var search_year = \'' . $_GET['year'] . '\';' .
             'return this.publicationYear == search_year || ' .
             ' this.filmingYear == search_year || ' .
             ' this.recordingYear == search_year;}';
    $cursor = $collection->find(array('$where' => $query));

• Attack URL:

    http://server/app.php?year=1995';while(1);var%20foo='bar

• The injected value closes the string literal, adds while(1) (which hangs the server-side JavaScript engine), and reopens a literal with var foo='bar so the generated function still parses.

Connection Pollution
• Using CouchDB as an example
• RESTful interface: cross-database / pool access through one HTTP endpoint
• CouchDB's global (server-level) and database-level handlers live in the same URL space as documents, so a connection string or path assembled from untrusted input can reach them
• Ex: NoSQL.connect(http://couchDB/_restart)

Password Bruteforcing
• Redis' AUTH command is not rate limited or restricted in any way, so passwords can be guessed online as fast as the network allows.
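Worked example for the Schema Injection and Query Injection slides (added here, not part of the slides): the stored-body and operator-in-value problems side by side with a hardened form of each. A small in-memory matcher stands in for MongoDB so the file runs offline; the users, passwords and field names are constructed sample data.

```javascript
// Added example (not from the slides): schema injection and query injection
// against a MongoDB-style collection, with a hardened form of each.
// A tiny in-memory matcher stands in for the database so this runs offline;
// the collection, users and passwords are constructed sample data.

// Subset of MongoDB's query semantics: plain equality, or an operator
// object such as { $ne: '' } / { $gt: '' } / { $eq: 'x' }.
function fieldMatches(value, cond) {
  if (cond !== null && typeof cond === 'object' && !Array.isArray(cond)) {
    return Object.entries(cond).every(([op, arg]) => {
      switch (op) {
        case '$eq': return value === arg;
        case '$ne': return value !== arg;
        case '$gt': return value > arg;
        default: throw new Error('unsupported operator ' + op);
      }
    });
  }
  return value === cond;
}

function find(collection, query) {
  return collection.filter((doc) =>
    Object.entries(query).every(([field, cond]) => fieldMatches(doc[field], cond)));
}

// Constructed sample collection
const users = [
  { username: 'alice', password: 'hunter2', isAdmin: false },
  { username: 'admin', password: 'correct horse battery staple', isAdmin: true },
];

// Schema injection: the parsed request body becomes the stored document,
// so any extra key the client sends ({ isAdmin: true }) is stored too.
function buildUserDocVulnerable(body) {
  return { ...body };
}

// Hardened: copy only known fields, type-check them, and let the server
// decide privileged fields.
const ALLOWED_FIELDS = ['username', 'password'];
function buildUserDocSafe(body) {
  const doc = { isAdmin: false };
  for (const field of ALLOWED_FIELDS) {
    if (typeof body[field] !== 'string' || body[field].length === 0) {
      throw new Error('missing or non-string field: ' + field);
    }
    doc[field] = body[field];
  }
  return doc;
}

// Query injection: body values are bound into the query unchanged.
// A JSON body {"username":"admin","password":{"$ne":""}} therefore sends
// the operator { $ne: '' } where a password string was expected, and the
// query matches the admin document without knowing the password.
function loginVulnerable(body) {
  return find(users, { username: body.username, password: body.password });
}

// Hardened: operators can only arrive as objects, so insist on strings.
function loginSafe(body) {
  if (typeof body.username !== 'string' || typeof body.password !== 'string') {
    throw new Error('username and password must be strings');
  }
  return find(users, { username: body.username, password: body.password });
}

// Demo of both injections
const demoBody = { username: 'admin', password: { $ne: '' } };
console.log('vulnerable login with {$ne:""} matched:',
  loginVulnerable(demoBody).map((u) => u.username));
console.log('vulnerable insert kept isAdmin:',
  buildUserDocVulnerable({ username: 'mallory', password: 'x', isAdmin: true }).isAdmin);
```

The operator object reaches the query the same way from every common front end: PHP turns `password[$ne]=` in a query string or form body into an array that the driver serialises as `{$ne: ...}`, Express with its extended query parser does the same for `?password[$ne]=`, and a JSON body carries the object directly. Type-checking the values (or, for a framework, rejecting any key that begins with `$`) closes all three routes; for the insert, the fix is to build the document from a field whitelist rather than from the body.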
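Worked example for the Server-Side JavaScript Injection slide (added here, not from the slides): the PHP string concatenation rebuilt in Node so the effect of the year parameter on the $where function can be observed locally. `new Function()` stands in for the evaluation mongod performs on a $where string; the document and the payload variant are constructed, the field names are the slide's.

```javascript
// Added example (not from the slides): the slide's $where construction in
// JavaScript, evaluated locally with new Function() in place of mongod.

// Same concatenation as the PHP $query on the slide
function buildWhereSource(year) {
  return "function() {var search_year = '" + year + "';" +
         "return this.publicationYear == search_year || " +
         " this.filmingYear == search_year || " +
         " this.recordingYear == search_year;}";
}

// Does the generated source still parse as a function?  This is the property
// the payload is crafted to preserve: an honest apostrophe breaks it, the
// attack reopens the string literal so it does not.
function isValidWhere(source) {
  try { new Function('return (' + source + ');'); return true; }
  catch (e) { return false; }
}

// Compile and run the $where function against one document; mongod binds
// the document to `this`, which fn.call(doc) reproduces.
function evalWhere(source, doc) {
  const fn = new Function('return (' + source + ');')();
  return Boolean(fn.call(doc));
}

// Hardened: validate the parameter and express the search with ordinary
// query operators, so no user data is ever part of executable code.
function buildSafeQuery(year) {
  if (typeof year !== 'string' || !/^\d{4}$/.test(year)) {
    throw new Error('year must be four digits');
  }
  const y = Number(year);
  return { $or: [{ publicationYear: y }, { filmingYear: y }, { recordingYear: y }] };
}

// Constructed document: none of its years is 1995, so an honest search for
// 1995 must not match it.
const film = { title: 'sample', publicationYear: 1970, filmingYear: 1969, recordingYear: 1968 };

// The slide's payload (URL-decoded): parses, then loops forever in mongod.
const slidePayload = "1995';while(1);var foo='bar";

// Same shape with `return true` instead of while(1) so this file terminates:
// the function now returns true for every document, i.e. a full dump.
const payload = "1995';return true;var foo='bar";

console.log('slide payload still parses:', isValidWhere(buildWhereSource(slidePayload)));
console.log("honest value with apostrophe parses:", isValidWhere(buildWhereSource("19'95")));
console.log('injected match on a 1970 film:', evalWhere(buildWhereSource(payload), film));
```

The `while(1)` form on the slide is a denial of service against the server-side JavaScript thread; the `return true` variant shows the other use of the same hole, turning a filtered query into an unfiltered one. Neither is possible with `buildSafeQuery`, which rejects anything that is not four digits and hands MongoDB data rather than code.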
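Worked example for the Connection Pollution slide (added here, not from the slides): how a CouchDB document URL assembled from request parameters can be steered at the server-level and database-level handlers the slide refers to, and how to build the URL so that it cannot. Only URL construction is shown, no request is sent; the base URL, database name and document ids are made up.

```javascript
// Added example (not from the slides): CouchDB URL assembly from untrusted
// database / document names.  BASE is a made-up internal address.

const BASE = 'http://couchdb.internal:5984/';

// Vulnerable: names are pasted into the path.  WHATWG URL parsing (like any
// HTTP client) resolves '..', so a document id of '../_restart' leaves the
// database and lands on the server-level handler; an id of '_security'
// selects the database-level handler instead of a document.
function docUrlVulnerable(db, docId) {
  return new URL(BASE + db + '/' + docId).href;
}

// CouchDB database names: lowercase letter first, then a-z 0-9 _ $ ( ) + -
// ('/' is also legal in CouchDB but is excluded here so the name cannot
// split into two path segments).  Names beginning with '_' are reserved
// for server endpoints and are refused by the regex's first character.
const DB_NAME = /^[a-z][a-z0-9_$()+-]*$/;

function docUrlSafe(db, docId) {
  if (typeof db !== 'string' || !DB_NAME.test(db)) {
    throw new Error('invalid database name');
  }
  // '_design/...', '_local/...' and database handlers such as '_security'
  // all start with '_'; a user-facing document id never should.
  if (typeof docId !== 'string' || docId.length === 0 || docId.startsWith('_')) {
    throw new Error('invalid document id');
  }
  // encodeURIComponent turns '/', '?', '#' and friends into %XX, so the id
  // stays a single path segment and '..' is no longer a dot segment.
  return new URL(BASE + encodeURIComponent(db) + '/' + encodeURIComponent(docId)).href;
}

console.log('vulnerable, id "../_restart":', docUrlVulnerable('mydb', '../_restart'));
console.log('vulnerable, id "_security":  ', docUrlVulnerable('mydb', '_security'));
console.log('safe, id "../_restart":      ', docUrlSafe('mydb', '../_restart'));
```

Authorization at the CouchDB side is the other half of the fix: the application's CouchDB credentials should not be server admin, so that even a polluted URL reaching `/_restart` is refused.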
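Worked example for the Password Bruteforcing slide (added here, not from the slides): what an online AUTH guessing run looks like at the protocol level against a Redis that, as the slide says, neither delays nor locks out failed attempts. The server side is a constructed stand-in that mimics the replies of a pre-6.0 Redis with `requirepass` set; nothing connects to a real instance, and the word list and passwords are made up.

```javascript
// Added example (not from the slides): RESP encoding of AUTH and a
// dictionary run against a stand-in server with no rate limiting.

// Encode a command as a RESP array: "*<argc>\r\n" then, per argument,
// "$<byte length>\r\n<bytes>\r\n".  Lengths are in bytes, not characters.
function encodeResp(...args) {
  const enc = new TextEncoder();
  let out = '*' + args.length + '\r\n';
  for (const a of args) out += '$' + enc.encode(a).length + '\r\n' + a + '\r\n';
  return out;
}

// The two reply shapes AUTH produces: a simple string "+OK" or an error "-ERR ..."
function parseReply(raw) {
  const line = raw.replace(/\r\n$/, '');
  if (line[0] === '+') return { ok: true, msg: line.slice(1) };
  if (line[0] === '-') return { ok: false, msg: line.slice(1) };
  throw new Error('unexpected reply: ' + raw);
}

// Stand-in for a Redis server with requirepass set.  It answers every AUTH
// immediately, keeps no failure counter, adds no delay and never locks the
// client out; that is the property the slide describes, reproduced here.
function makeFakeRedis(requirepass) {
  let attempts = 0;
  return {
    handle(raw) {
      attempts++;
      const parts = raw.split('\r\n');           // ['*2','$4','AUTH','$n','<pw>','']
      if (parts[2].toUpperCase() !== 'AUTH') return "-ERR unknown command\r\n";
      return parts[4] === requirepass ? '+OK\r\n' : '-ERR invalid password\r\n';
    },
    attempts: () => attempts,
  };
}

// Dictionary run: one AUTH per candidate until the server says +OK.
function bruteForceAuth(server, wordlist) {
  for (const pw of wordlist) {
    const reply = parseReply(server.handle(encodeResp('AUTH', pw)));
    if (reply.ok) return { password: pw, attempts: server.attempts() };
  }
  return { password: null, attempts: server.attempts() };
}

// Constructed word list and a weak requirepass for the demo
const demoWords = ['123456', 'password', 'letmein', 'redis'];
const demoServer = makeFakeRedis('letmein');
console.log('wire format:', JSON.stringify(encodeResp('AUTH', 'letmein')));
console.log('result:', bruteForceAuth(demoServer, demoWords));
```

Because every guess costs only a round trip, the defence has to come from the configuration rather than from Redis' authentication: a long random `requirepass` that no word list will contain, `bind` restricted to the interfaces that need it, `protected-mode yes`, and network filtering so that the port is not reachable from untrusted hosts in the first place.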