NoSQL Racket: A Testing Tool for Detecting NoSQL Injection Attacks in Web Applications
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2017, Vol 8, Issue 11
Abstract
A NoSQL injection attack targets interactive Web applications that employ NoSQL database services. These applications accept user inputs and use them to form query statements at runtime. During NoSQL injection attack, an attacker might provide malicious query segments as user input which could result in a different database request. In this paper, a testing tool is presented to detect NoSQL injection attacks in web application which is called “NoSQL Racket”. The basic idea of this tool depends on checking the intended structure of the NoSQL query by comparing NoSQL statement structure in code query statement (static code analysis) and runtime query statement (dynamic analysis). But we faced a big challenge, there is no a common query language to drive NoSQL databases like the same way in relational database using SQL as a standardized query language. The proposed tool is tested on four different vulnerable web applications and its effectiveness is compared against three different well known testers, none of them is able to detect any NoSQL Injection attacks. However, the implemented testing tool has the ability to detect the NoSQL injection attacks.
Authors and Affiliations
Ahmed M. Eassa, Omar H. Al-Tarawneh, Hazem M. El-Bakry, Ahmed S. Salama
Keywords
Related Articles
- EP ID EP242077
- DOI 10.14569/IJACSA.2017.081178
- Views 67
- Downloads 0
An SMS-SQL based On-board system to manage and query a database
Technological advances of recent years have facilitated the use of embedded systems. They are part of our everyday life. Thanks to them, electronic devices are increasingly present in our lives in many forms: Mobile phon...
A Statistical Approach For Latin Handwritten Digit Recognition
A simple method based on some statistical measurements for Latin handwritten digit recognition is proposed in this paper. Firstly, a preprocess step is started with thresholding the gray-scale digit image into a binary i...
Developing a Search Algorithm and a Visualization Tool for SNOMED CT
With electronic health records rising in popularity among hospitals and physicians, the SNOMED CT medical terminology has served as a valuable standard for those looking to exchange a variety of information linked to cli...
The Implementation of Software Anti-Ageing Model towards Green and Sustainable Products
Software ageing is a phenomenon that normally occurs in a long running software. Progressive degradation of software performance is a symptom that shows software is getting aged and old. Researchers believe that the agei...
Tele-Ophthalmology Android Application: Design and Implementation
Diabetic retinopathy is the leading cause of blind-ness in the world population. Early detection and appropriate treatment can significantly reduce the risk of loss of sight. Medical authorities recommend an annual revie...