Thursday, September 17, 2015

Database - NoSQL

There are, however, other databases that don’t use SQL (or use code in addition to SQL). Known as NoSQL databases, they offer a different mechanism for retrieving data than their relational database counterparts. These are commonly found in virtual systems provided by cloud-based services. 

While they are usually resistant to SQL injection, there are NoSQL injection attacks as well. Because of the type of programming used in NoSQL, the potential impact of a NoSQL injection attack can be greater than that of a SQL injection attack. An example of a NoSQL injection attack is the JavaScript Object Notation (JSON) injection attack. But, NoSQL databases are also vulnerable to brute-force attacks (cracking of passwords) and connection pollution (a combination of XSS and code injection techniques). 

Methods to protect against NoSQL injection are similar to the methods mentioned for SQL injection. However, because NoSQL databases are often used within cloud services, a security administrator for a company might not have much control over the level of security that is implemented. In these cases, careful scrutiny of the service-level agreement (SLA) between the company and the cloud provider is imperative.

Input validation is the best programming technique to stop buffer overflow attacks and is also used to prevent SQL injection attacks.

A sandbox is used to run the web scripts in their own testing environment.

Backdoors are used in computer programs to bypass normal authentication. Backdoor analysis includes checking the operating system, applications, and firmware on devices and making sure they are updated.

No comments:

Post a Comment