Vulnerability Assessment for Advanced Injection Attacks Against MongoDB

Authors:

Vrinda Sachdeva, Sachin Gupta

DOI NO:

https://doi.org/10.26782/jmcms.2019.02.00028

Keywords:

NoSQL, MongoDB, Injection, Attack, Consistency, Vulnerability, Scalability

Abstract

A NoSQL database is also known as a "not only SQL" database. For real-time web applications and large sets of distributed data, NoSQL databases are gaining popularity as a way to handle big data. NoSQL databases offer extensive functionality for handling big data. They also support auto-sharding, auto-replication and many other features that make them suitable as a storage mechanism. NoSQL databases store data in an unstructured way; when more attention is paid to performance and real-time access than to consistency, NoSQL databases seem more appropriate. However, research on the security of NoSQL databases is very limited. Although NoSQL databases have many benefits compared with RDBMSs, such as scalability, faster data access and availability, they also have some security issues. Experimental testing of advanced NoSQL injections is performed. An advanced NoSQL injection attack against a NoSQL database is demonstrated with PHP and JavaScript. The attack reveals the client's data. Methods are discussed to prevent this type of security problem from happening again. This paper also shows how to create a security layer for a NoSQL application to prevent NoSQL injection. In this paper, we demonstrate an advanced NoSQL injection attack and propose a defense method to secure the NoSQL database. NoSQL database programmers should therefore be aware of the NoSQL injection attack mechanism and build more secure databases to store huge data.
