Ep. 15 - NoSQL Injection: MongoDb Query Object Injection

Learn How Attackers Can Circumvent Server-side Login Validation

About This Episode

  1. Learn about Mongo's Query Objects, and how they can circumvent server-side password validation
  2. Interactive Exercise (Part 1): Reconnaissance of client-side Javascript to find an API endpoint and deduce payload structure
  3. Interactive Exercise (Part 2): Use Query Object Injection to override all product reviews within Owasp's Juice Shop

Course Curriculum

  First Section
Available in days
days after you enroll

Your Instructor

Zach Roof
Zach Roof

I started my tech tutorial journey when I was bedridden for 6 months because I couldn't get healthcare insurance. While I might of been in extreme physical pain, I persisted because the instructors that I watched during that time filled me with immense joy. Towards the end of that experience, I vowed that once I gained the appropriate expertise, I'd provide quality tutorial content to the greater tech community.

In the years after my disability, I've held positions as a Frontend Developer, Backend Developer, Application Security Engineer and a DevOps/Security Engineer. My professional path has ranged from large corporate settings to an intimate blockchain startup.

Now, the next progression in my journey is to take all of my experience and provide quality security tutorials to the greater tech community.