Hackers of India

Pentesting NoSQL DB’s with NoSQL Exploitation Framework

 Francis Alexander 

2014/06/23


Presentation Material

Abstract

The talk focuses on:

- Why NoSQL hasn’t solved the problem yet
- Why the DB administrator should worry, as the default security could cost you your job
- How an attacker with just an IP could take down the server and perform a resource exhaustion attack
- Various exploitation techniques, such as timing-based attacks similar to blind SQL injection, with no feedback from the web application
- Discussion on why NoSQL encryption techniques have failed and why they aren’t secure
- How an attacker could leverage the various APIs within NoSQL for JSON injection
- A 0-day bug in the PHP Couch driver which helps an attacker to leverage various resources