AppSec Tales XXI | NoSQLI

Karol Mazurek
Nov 4, 2023

Application Security Testing for NoSQL Injections.

INTRODUCTION

This article describes how to test an application for NoSQL Injection vulnerabilities in various databases that do not use SQL (Structured Query Language), such as:

Source: NoSQL Database — What is NoSQL? | Microsoft Azure

Furthermore, you will find payloads for testing Cypher Query Language.

It is good to read AppSec Tales XIII | SQLI first if you have not already.

GUIDELINES

In the guidelines below, I assume that you have identified the application entry points described in AppSec Tales XI | Input Validation:
