NoSQL == No SQL injections?

Presented at DEF CON 18 (2010), Unknown date/time (Unknown duration).

This is a short talk on NoSQL technologies and their impacts on traditional injection threats such as SQL injection. This talk surveys existing NoSQL technologies, and then demos proof-of-concept threats found with CouchDB. We then discuss impacts of NoSQL technologies to existing security technologies such as blackbox scanning, static analysis, and web application firewalls.


Presenters:

  • Wayne Huang - CTO, Armorize Technologies
    Wayne Huang has extensive experience in the security industry and is a frequent speaker at security conferences including RSA (07, 10), SyScan (08, 09), OWASP (08, 09), Hacks in Taiwan (06, 07), WWW (03, 04), PHP (07) and DSN (04). He is the first author to achieve consecutive best paper nominations at the prestigious World Wide Web (WWW) Conferences (2003, 2004), and has a co-authored the Web Application Security chapter of "Computer Security in the 21st Century" (Springer US, 2005). Wayne is a PhD candidate at the EE, NTU, and has received his BS and MS in CS from NCTU.
  • Kuon Ding
  • Kuon

Links:

Similar Presentations: