Friday, October 26 • 1:00pm - 1:45pm
NoSQL, no security?

Serving as a scalable alternative to traditional relational databases (RDBs), NoSQL databases have exploded in popularity. NoSQL databases offer more efficient ways to work with large datasets, but serious security issues need to be addressed.
NoSQL databases can suffer from a variety of injection attacks. Most NoSQL databases can’t authenticate and authorize clients, and can’t provide role-based access controls or encryption. Because these controls do not exist, developers and administrators are forced to implement their own controls to compensate for these shortcomings. These compensating controls could become a problem for organizations that have compliance considerations and could make maintaining NoSQL more complex than simply deploying an enterprise relational database that features built-in security.
Because many NoSQL architectures lack encryption and authentication, an attacker could eavesdrop on the client-server communication and obtain private data. Additionally, NoSQL databases can suffer from a variety of injection attacks via JavaScript and JSON. Traditional SQL injection countermeasures are not effective against these attacks, so developers must be aware of these threats and write code that attackers can’t penetrate.
In this presentation we’ll talk about how RDB security features and threats apply to NoSQL databases. We’ll also explore the security controls that are present in NoSQL architectures, and cover administrative, compliance and regulatory concerns associated with operating NoSQL architectures in environments that contain sensitive data.

Will Urbanski

Will Urbanski is a security researcher who tracks vulnerability and malware trends. He has experience in both research and security operations in enterprise and higher education environments. Will is the co-author of a patent for an IPv6 moving target defense. He has more than eight years of experience in Information Security and has written articles for numerous journals, including IEEE Security & Privacy. Will holds a Bachelor of Science in...

Friday October 26, 2012 1:00pm - 1:45pm
Checkmarx Room - Hill Country A Hyatt Regency Austin, 208 Barton Springs Road, Austin, TX, 78704
