Environment Setup/Error Reporting:

NoSQLi: From Beginner To BSON Injection

Table Of Contents

Talk Scope

  1. What is NoSQL injection (NoSQLi)?
  2. How does NoSQLi compare to SQLi?
  3. Evaluate MongoDB's claim that "traditional SQL injection attacks are not a problem" in MongoDB
  4. Evaluate how MongoDB can be exploited through BSON injection
  5. Understand the execution contexts that queries are evaluated in (and how they can be exploited)

What is NoSQL Injection (NoSQLi)?

SQL Injection: Foundational Thinking

SQL Vs NoSQL Injection (CONT.)

Mongo's NoSQLi Response

Mongo's NoSQLi Response (CONT.)

BSON Injection

BSON-RUBY Injection: Background

BSON-RUBY Injection (CONT.)