Live Hacking - NoSQL Injection Explained!


Sign up for Snyk for free: https://snyk.co/techraj
Goof Vulnerable application: https://github.com/snyk/goof
OWASP Juice Shop: https://github.com/juice-shop/juice-shop

In this video, I'm going to talk about NoSQL Injection and I'm also going to practically demonstrate it to you.

DISCLAIMER: The demonstration shown in this video is performed in a controlled lab setup. This video is for educational purposes only. You can only perform penetration testing in your own lab environment, and doing it on any live application is not allowed and is a crime unless you are a professional and have appropriate permissions.

Chapters
0:00 Intro
0:19 What is NoSQL?
2:45 About the sponsor - Snyk
4:14 Hands-on MongoDB
11:53 Setting up OWASP Juice Shop
14:33 Hacking OWASP Juice Shop
21:33 Bypass login forms?
21:58 Hacking Goof Vulnerable App
27:01 How to prevent NoSQL injection?
27:34 Using Snyk to detect and fix NoSQL injection
31:37 Snyk Web Interface


But before that, what is a NoSQL database?
In simple words, NoSQL databases are those that do not have tables. Data is stored in an unstructured fashion, as opposed to the rows and tables of a relational database. It is still a database, and its job is the same as that of a SQL database: store data, manipulate it and retrieve it as necessary.

What is NoSQL injection?
It's when an attacker is able to inject a statement into a hardcoded NoSQL query and modify it so that it does tasks it is not supposed to do, such as retrieving critical information from the database (user emails and passwords, for example), manipulating data, or, even worse, deleting data from the database.
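As an added illustration (not code from the video, Juice Shop or Goof): how a JSON request body is dropped straight into a MongoDB filter in a Node.js login handler, beside a hardened version that only accepts plain strings. No database is needed; the functions only build the filter objects, and all names are this example's own.

```javascript
// Added example: how an unchecked JSON body turns into a MongoDB query
// operator, and the input check that prevents it. Only the filter objects
// a handler would pass to collection.findOne() are built here.

// Vulnerable pattern: body fields are copied straight into the filter.
// A JSON body parser keeps nested objects, so a value like {"$ne": ""}
// arrives as an object and is interpreted as a query operator.
function buildLoginFilterUnsafe(body) {
  return { username: body.username, password: body.password };
}

// Does any value in the filter carry a MongoDB operator key ("$...")?
// Useful as a last-line check or as detection logic on logged queries.
function containsOperator(value) {
  if (value === null || typeof value !== 'object') return false;
  return Object.entries(value).some(
    ([key, v]) => key.startsWith('$') || containsOperator(v)
  );
}

// Hardened pattern: accept only plain strings for each credential field.
// Objects, arrays, numbers and undefined are rejected before any query is
// built, so operators can never reach the database.
function buildLoginFilterSafe(body) {
  const { username, password } = body;
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw new TypeError('credentials must be strings');
  }
  return { username, password };
}

// Constructed request bodies standing in for req.body.
const normalBody = { username: 'alice', password: 'correct horse' };
const tamperedBody = { username: 'alice', password: { $ne: '' } };

function demo() {
  const unsafe = buildLoginFilterUnsafe(tamperedBody);
  let safeRejected = false;
  try { buildLoginFilterSafe(tamperedBody); } catch (e) { safeRejected = true; }
  return {
    unsafeHasOperator: containsOperator(unsafe),                  // true
    safeRejected,                                                 // true
    normalOk: !containsOperator(buildLoginFilterSafe(normalBody)), // true
  };
}

console.log(demo());
```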

In this video, I demonstrate NoSQL injection on two intentionally vulnerable applications - OWASP Juice Shop and Goof.
These apps can be set up locally using Docker.
You can install Docker Desktop to get started: https://www.docker.com/products/docke...
You will need to restart your computer after the installation.

Docker Image for OWASP Juice Shop: https://hub.docker.com/r/bkimminich/j...
For Goof, you need to build the image from the source. Refer to the GitHub page linked above to learn how to do that.
Once set up, you can access these apps from your localhost and play with them!

Join my Discord: /discord
Follow me on Instagram: /teja.techraj
Website: https://techraj156.com
Blog: https://blog.techraj156.com

Thanks for watching!
SUBSCRIBE for more videos!
Cheers!
