NoSQL Racket: A Testing Tool for Detecting NoSQL Injection Attacks in Web Applications
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2017, Vol 8, Issue 11
Abstract
A NoSQL injection attack targets interactive Web applications that employ NoSQL database services. These applications accept user inputs and use them to form query statements at runtime. During NoSQL injection attack, an attacker might provide malicious query segments as user input which could result in a different database request. In this paper, a testing tool is presented to detect NoSQL injection attacks in web application which is called “NoSQL Racket”. The basic idea of this tool depends on checking the intended structure of the NoSQL query by comparing NoSQL statement structure in code query statement (static code analysis) and runtime query statement (dynamic analysis). But we faced a big challenge, there is no a common query language to drive NoSQL databases like the same way in relational database using SQL as a standardized query language. The proposed tool is tested on four different vulnerable web applications and its effectiveness is compared against three different well known testers, none of them is able to detect any NoSQL Injection attacks. However, the implemented testing tool has the ability to detect the NoSQL injection attacks.
Authors and Affiliations
Ahmed M. Eassa, Omar H. Al-Tarawneh, Hazem M. El-Bakry, Ahmed S. Salama
Keywords
Related Articles
- EP ID EP242077
- DOI 10.14569/IJACSA.2017.081178
- Views 107
- Downloads 0
Effectiveness of Iphone’s Touch ID: KSA Case Study
A new trend of incorporating Touch ID sensors in mobile devices is appearing. Last year, Apple released a new model of its famous iPhone (5s). One of the most anticipated and hailed features of the new device was its Tou...
Knowledge Level Assessment in e-Learning Systems Using Machine Learning and User Activity Analysis
Electronic Learning has been one of the foremost trends in education so far. Such importance draws the attention to an important shift in the educational paradigm. Due to the complexity of the evolving paradigm, the pros...
A Novel Image Encryption Approach for Cloud Computing Applications
In this paper, a novel image encryption approach is proposed in the context of cloud computing applications. A fast special transform based on non-equispaced grid technique is introduced and applied as the first time in...
A Semantic Interpretation of Unusual Behaviors Extracted from Outliers of Moving Objects Trajectories
The increasing use of location-aware devices has led to generate a huge volume of data from satellite images and mobile sensors; these data can be classified into geographical data. And traces generated by objects moving...
The Analysis of Anticancer Drug Sensitivity of Lung Cancer Cell Lines by using Machine Learning Clustering Techniques
Lung cancer is the commonest type of cancer with the highest fatality rate worldwide. There is continued research that experiments on drug development for lung cancer patients by assessing their responses to chemotherape...