About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
IEEE Security and Privacy
Paper
Analysis and Mitigation of NoSQL Injections
Abstract
NoSQL data storage systems have become very popular due to their scalability and ease of use. Unfortunately, they lack the security measures and awareness that are required for data protection. Although the new data models and query formats of NoSQL data stores make old attacks such as SQL injections irrelevant, they give attackers new opportunities for injecting their malicious code into the statements passed to the database. Analysis of the techniques for injecting malicious code into NoSQL data stores provides examples of new NoSQL injections as well as Cross-Site Request Forgery attacks, allowing attackers to bypass perimeter defenses such as firewalls. Analysis of the source of these vulnerabilities and present methodologies can mitigate such attacks. Because code analysis alone is insufficient to prevent attacks in today's typical large-scale deployment, certain mitigations should be done throughout the entire software life cycle.