AppSec Tales XXI | NoSQLI
Nov 4, 2023
Application Security Testing for NoSQL Injections.
INTRODUCTION
This article describes how to test an application for NoSQL Injection vulnerabilities across various databases that do not use SQL (Structured Query Language), such as:
- Key-value-oriented databases (Redis | Memcached | DynamoDB)
- Document-oriented databases (MongoDB | CouchDB)
- Wide-column-oriented databases (Apache Cassandra)
- Graph-oriented databases (Neo4j)
Furthermore, you will find payloads for testing Cypher Query Language.
It is worth reading AppSec Tales XIII | SQLI first if you have not already.
GUIDELINES
In the guidelines below, I assume that you have identified the application entry points described in AppSec Tales XI | Input Validation: