NoSQL == No SQL injections?

Presented at DEF CON 18 (2010)

This is a short talk on NoSQL technologies and their impact on traditional injection threats such as SQL injection. The talk surveys existing NoSQL technologies and then demos proof-of-concept threats found with CouchDB. We then discuss the impact of NoSQL technologies on existing security technologies such as black-box scanning, static analysis, and web application firewalls.


Presenters:

  • Kuon
  • Kuon Ding
  • Wayne Huang - CTO, Armorize Technologies
    Wayne Huang has extensive experience in the security industry and is a frequent speaker at security conferences including RSA (07, 10), SyScan (08, 09), OWASP (08, 09), Hacks in Taiwan (06, 07), WWW (03, 04), PHP (07) and DSN (04). He is the first author to achieve consecutive best paper nominations at the prestigious World Wide Web (WWW) Conferences (2003, 2004), and has co-authored the Web Application Security chapter of "Computer Security in the 21st Century" (Springer US, 2005). Wayne is a PhD candidate at the EE, NTU, and received his BS and MS in CS from NCTU.
