SlideShare a Scribd company logo

NoSQL Injection in Meteor.js Application

Download as PPTX, PDF
Designveloper
Designveloper

Websites: https://www.designveloper.com Visit our blog https://www.designveloper.com/blog Like Facebook page https://www.facebook.com/designveloper/ Youtube: http://bit.ly/29PTtFS

Software
1 of 16
NOSQL INJECTION IN APPS Vietnam WWW.DESIGNVELOPER.COM
1. INTRODUCTION WWW.DESIGNVELOPER.COM
Hello! I am Son Le o At Designveloper for > 2 years o Work with Meteor for > a year You can find me at: @sonlexqt
Required: familiarity with WWW.DESIGNVELOPER.COM
Don’t get me wrong ! is NOT INSECURE WWW.DESIGNVELOPER.COM
SQL Injection Queries use STRINGs as the control mechanism. WWW.DESIGNVELOPER.COM
Exploits of a Mom // query INSERT INTO Students VALUES ( '$Name' ) // input Robert'); DROP TABLE Students; -- // result INSERT INTO Students VALUES ( 'Robert' ); DROP TABLE Students; --' ) source: https://xkcd.com/327 WWW.DESIGNVELOPER.COM
SQL Injection - One more example // query SELECT * FROM users WHERE username='peter’ AND (password= ('$PWD')) // input ' OR '1'='1’ // result SELECT * FROM users WHERE username='peter' AND (password='' OR '1'='1') WWW.DESIGNVELOPER.COM
NoSQL Injection Queries use OBJECTs as the control mechanism. WWW.DESIGNVELOPER.COM
2. DEMO TIME Meteor-shop web application WWW.DESIGNVELOPER.COM
Let’s play a role of a hacker ! With NoSQL Injection skill. WWW.DESIGNVELOPER.COM
3. SOLUTIONS WWW.DESIGNVELOPER.COM
“MAKE ASSERTIONS ON USER INPUT DATA WWW.DESIGNVELOPER.COM
CHECK to the rescue https://atmospherejs.com/meteor/check Check whether a value matches a pattern $ meteor add check check(slug, String); ERROR: Expected String, got Object WWW.DESIGNVELOPER.COM
CHECK-CHECKER https://atmospherejs.com/east5th/check-checker Scan the code to detect methods / publish functions which haven’t checked for its input data. $ meteor add east5th:check- checker WWW.DESIGNVELOPER.COM
Thanks! Any questions? o meteor-shop demo application https://github.com/sonlexqt/meteor-shop WWW.DESIGNVELOPER.COM

Recommended

OWASP A1 - Injection | The art of manipulation
OWASP A1 - Injection | The art of manipulationOWASP A1 - Injection | The art of manipulation
OWASP A1 - Injection | The art of manipulationPavan M
 
No sql injection in meteor.js application
No sql injection in meteor.js applicationNo sql injection in meteor.js application
No sql injection in meteor.js applicationDesignveloper
 
Sql injection
Sql injectionSql injection
Sql injectionMohit Shukla
 
ASP.NET MVC, AngularJS CRUD for Azerbaijan Technical University
ASP.NET MVC, AngularJS CRUD for Azerbaijan Technical UniversityASP.NET MVC, AngularJS CRUD for Azerbaijan Technical University
ASP.NET MVC, AngularJS CRUD for Azerbaijan Technical UniversitySyed Shanu
 
SQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington BeachSQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington BeachJeff Prom
 
Hacking Your Way To Better Security
Hacking Your Way To Better SecurityHacking Your Way To Better Security
Hacking Your Way To Better SecurityColin O'Dell
 
Hacking Your Way To Better Security - php[tek] 2016
Hacking Your Way To Better Security - php[tek] 2016Hacking Your Way To Better Security - php[tek] 2016
Hacking Your Way To Better Security - php[tek] 2016Colin O'Dell
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 

Recommended

OWASP A1 - Injection | The art of manipulation
OWASP A1 - Injection | The art of manipulationOWASP A1 - Injection | The art of manipulation
OWASP A1 - Injection | The art of manipulationPavan M
 
No sql injection in meteor.js application
No sql injection in meteor.js applicationNo sql injection in meteor.js application
No sql injection in meteor.js applicationDesignveloper
 
Sql injection
Sql injectionSql injection
Sql injectionMohit Shukla
 
ASP.NET MVC, AngularJS CRUD for Azerbaijan Technical University
ASP.NET MVC, AngularJS CRUD for Azerbaijan Technical UniversityASP.NET MVC, AngularJS CRUD for Azerbaijan Technical University
ASP.NET MVC, AngularJS CRUD for Azerbaijan Technical UniversitySyed Shanu
 
SQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington BeachSQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington BeachJeff Prom
 
Hacking Your Way To Better Security
Hacking Your Way To Better SecurityHacking Your Way To Better Security
Hacking Your Way To Better SecurityColin O'Dell
 
Hacking Your Way To Better Security - php[tek] 2016
Hacking Your Way To Better Security - php[tek] 2016Hacking Your Way To Better Security - php[tek] 2016
Hacking Your Way To Better Security - php[tek] 2016Colin O'Dell
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Colin O'Dell
 
Hacking Your Way To Better Security - Dutch PHP Conference 2016
Hacking Your Way To Better Security - Dutch PHP Conference 2016Hacking Your Way To Better Security - Dutch PHP Conference 2016
Hacking Your Way To Better Security - Dutch PHP Conference 2016Colin O'Dell
 
Angular data binding by Soft Solutions4U
Angular data binding by Soft Solutions4UAngular data binding by Soft Solutions4U
Angular data binding by Soft Solutions4Usharsen
 
Sq li
Sq liSq li
Sq liAshok kumar sandhyala
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
Sql injection
Sql injectionSql injection
Sql injectionMehul Boghra
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
BITM3730Week11.pptx
BITM3730Week11.pptxBITM3730Week11.pptx
BITM3730Week11.pptxMattMarino13
 
API-first development
API-first developmentAPI-first development
API-first developmentVasco Veloso
 
Hacking Your Way to Better Security - ZendCon 2016
Hacking Your Way to Better Security - ZendCon 2016Hacking Your Way to Better Security - ZendCon 2016
Hacking Your Way to Better Security - ZendCon 2016Colin O'Dell
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLPradeep Kumar
 
Hacking Your Way To Better Security - DrupalCon Baltimore 2017
Hacking Your Way To Better Security - DrupalCon Baltimore 2017Hacking Your Way To Better Security - DrupalCon Baltimore 2017
Hacking Your Way To Better Security - DrupalCon Baltimore 2017Colin O'Dell
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Web App Security - A Developers Perspective: Part 1 - SQL Injection
Web App Security - A Developers Perspective: Part 1 - SQL InjectionWeb App Security - A Developers Perspective: Part 1 - SQL Injection
Web App Security - A Developers Perspective: Part 1 - SQL Injectionn|u - The Open Security Community
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009mirahman
 
Sql query tuning or query optimization
Sql query tuning or query optimizationSql query tuning or query optimization
Sql query tuning or query optimizationVivek Singh
 
2013-01-10 iOS testing
2013-01-10 iOS testing2013-01-10 iOS testing
2013-01-10 iOS testingCocoaHeads Tricity
 
Sql Injection V.2
Sql Injection V.2Sql Injection V.2
Sql Injection V.2Tjylen Veselyj
 
Web application security
Web application securityWeb application security
Web application securitywww.netgains.org
 
Let us take care of your brand image
Let us take care of your brand imageLet us take care of your brand image
Let us take care of your brand imageDesignveloper
 
5 java script frameworks to watch in 2017
5 java script frameworks to watch in 20175 java script frameworks to watch in 2017
5 java script frameworks to watch in 2017Designveloper
 

More Related Content

Similar to NoSQL Injection in Meteor.js Application

Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Colin O'Dell
 
Hacking Your Way To Better Security - Dutch PHP Conference 2016
Hacking Your Way To Better Security - Dutch PHP Conference 2016Hacking Your Way To Better Security - Dutch PHP Conference 2016
Hacking Your Way To Better Security - Dutch PHP Conference 2016Colin O'Dell
 
Angular data binding by Soft Solutions4U
Angular data binding by Soft Solutions4UAngular data binding by Soft Solutions4U
Angular data binding by Soft Solutions4Usharsen
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
BITM3730Week11.pptx
BITM3730Week11.pptxBITM3730Week11.pptx
BITM3730Week11.pptxMattMarino13
 
API-first development
API-first developmentAPI-first development
API-first developmentVasco Veloso
 
Hacking Your Way to Better Security - ZendCon 2016
Hacking Your Way to Better Security - ZendCon 2016Hacking Your Way to Better Security - ZendCon 2016
Hacking Your Way to Better Security - ZendCon 2016Colin O'Dell
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLPradeep Kumar
 
Hacking Your Way To Better Security - DrupalCon Baltimore 2017
Hacking Your Way To Better Security - DrupalCon Baltimore 2017Hacking Your Way To Better Security - DrupalCon Baltimore 2017
Hacking Your Way To Better Security - DrupalCon Baltimore 2017Colin O'Dell
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Web App Security - A Developers Perspective: Part 1 - SQL Injection
Web App Security - A Developers Perspective: Part 1 - SQL InjectionWeb App Security - A Developers Perspective: Part 1 - SQL Injection
Web App Security - A Developers Perspective: Part 1 - SQL Injectionn|u - The Open Security Community
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009mirahman
 
Sql query tuning or query optimization
Sql query tuning or query optimizationSql query tuning or query optimization
Sql query tuning or query optimizationVivek Singh
 

Similar to NoSQL Injection in Meteor.js Application (20)

Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016
 
Hacking Your Way To Better Security - Dutch PHP Conference 2016
Hacking Your Way To Better Security - Dutch PHP Conference 2016Hacking Your Way To Better Security - Dutch PHP Conference 2016
Hacking Your Way To Better Security - Dutch PHP Conference 2016
 
Angular data binding by Soft Solutions4U
Angular data binding by Soft Solutions4UAngular data binding by Soft Solutions4U
Angular data binding by Soft Solutions4U
 
Sq li
Sq liSq li
Sq li
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
BITM3730Week11.pptx
BITM3730Week11.pptxBITM3730Week11.pptx
BITM3730Week11.pptx
 
API-first development
API-first developmentAPI-first development
API-first development
 
Hacking Your Way to Better Security - ZendCon 2016
Hacking Your Way to Better Security - ZendCon 2016Hacking Your Way to Better Security - ZendCon 2016
Hacking Your Way to Better Security - ZendCon 2016
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
 
Hacking Your Way To Better Security - DrupalCon Baltimore 2017
Hacking Your Way To Better Security - DrupalCon Baltimore 2017Hacking Your Way To Better Security - DrupalCon Baltimore 2017
Hacking Your Way To Better Security - DrupalCon Baltimore 2017
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Web App Security - A Developers Perspective: Part 1 - SQL Injection
Web App Security - A Developers Perspective: Part 1 - SQL InjectionWeb App Security - A Developers Perspective: Part 1 - SQL Injection
Web App Security - A Developers Perspective: Part 1 - SQL Injection
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
 
Sql query tuning or query optimization
Sql query tuning or query optimizationSql query tuning or query optimization
Sql query tuning or query optimization
 
2013-01-10 iOS testing
2013-01-10 iOS testing2013-01-10 iOS testing
2013-01-10 iOS testing
 
Sql Injection V.2
Sql Injection V.2Sql Injection V.2
Sql Injection V.2
 
Web application security
Web application securityWeb application security
Web application security
 

More from Designveloper

Let us take care of your brand image
Let us take care of your brand imageLet us take care of your brand image
Let us take care of your brand imageDesignveloper
 
5 java script frameworks to watch in 2017
5 java script frameworks to watch in 20175 java script frameworks to watch in 2017
5 java script frameworks to watch in 2017Designveloper
 
Happy international women's day!
Happy international women's day!Happy international women's day!
Happy international women's day!Designveloper
 
Typing racer game - a nice break from work
Typing racer game - a nice break from workTyping racer game - a nice break from work
Typing racer game - a nice break from workDesignveloper
 
Should we work remotely?
Should we work remotely?Should we work remotely?
Should we work remotely?Designveloper
 
Meet song nhi your virtual financial assistance
Meet song nhi your virtual financial assistanceMeet song nhi your virtual financial assistance
Meet song nhi your virtual financial assistanceDesignveloper
 
Why pair programming is a good idea
Why pair programming is a good idea Why pair programming is a good idea
Why pair programming is a good idea Designveloper
 
5 worst mistakes of diy websites
5 worst mistakes of diy websites5 worst mistakes of diy websites
5 worst mistakes of diy websitesDesignveloper
 
Basic glossary of web design terms for non designers (part 2)
Basic glossary of web design terms for non designers (part 2)Basic glossary of web design terms for non designers (part 2)
Basic glossary of web design terms for non designers (part 2)Designveloper
 
Single page web application development using meteor js
Single page web application development using meteor jsSingle page web application development using meteor js
Single page web application development using meteor jsDesignveloper
 
Multiplayer game with unity3 d and meteor
Multiplayer game with unity3 d and meteorMultiplayer game with unity3 d and meteor
Multiplayer game with unity3 d and meteorDesignveloper
 
Awesome free resources for learning javascript
Awesome free resources for learning javascriptAwesome free resources for learning javascript
Awesome free resources for learning javascriptDesignveloper
 
What is the best java script frameworks to learn?
What is the best java script frameworks to learn?What is the best java script frameworks to learn?
What is the best java script frameworks to learn?Designveloper
 
Travelling forms a young man
Travelling forms a young manTravelling forms a young man
Travelling forms a young manDesignveloper
 
5 compelling reasons your website should be responsive
5 compelling reasons your website should be responsive5 compelling reasons your website should be responsive
5 compelling reasons your website should be responsiveDesignveloper
 
Reactive programming with tracker
Reactive programming with trackerReactive programming with tracker
Reactive programming with trackerDesignveloper
 
Benefits of using single page websites
Benefits of using single page websitesBenefits of using single page websites
Benefits of using single page websitesDesignveloper
 
What is the best programming language for beginner?
What is the best programming language for beginner?What is the best programming language for beginner?
What is the best programming language for beginner?Designveloper
 
How to deploy and scale your meteor apps
How to deploy and scale your meteor appsHow to deploy and scale your meteor apps
How to deploy and scale your meteor appsDesignveloper
 
Meetup groups you need to join if you are new to tech
Meetup groups you need to join if you are new to techMeetup groups you need to join if you are new to tech
Meetup groups you need to join if you are new to techDesignveloper
 

More from Designveloper (20)

Let us take care of your brand image
Let us take care of your brand imageLet us take care of your brand image
Let us take care of your brand image
 
5 java script frameworks to watch in 2017
5 java script frameworks to watch in 20175 java script frameworks to watch in 2017
5 java script frameworks to watch in 2017
 
Happy international women's day!
Happy international women's day!Happy international women's day!
Happy international women's day!
 
Typing racer game - a nice break from work
Typing racer game - a nice break from workTyping racer game - a nice break from work
Typing racer game - a nice break from work
 
Should we work remotely?
Should we work remotely?Should we work remotely?
Should we work remotely?
 
Meet song nhi your virtual financial assistance
Meet song nhi your virtual financial assistanceMeet song nhi your virtual financial assistance
Meet song nhi your virtual financial assistance
 
Why pair programming is a good idea
Why pair programming is a good idea Why pair programming is a good idea
Why pair programming is a good idea
 
5 worst mistakes of diy websites
5 worst mistakes of diy websites5 worst mistakes of diy websites
5 worst mistakes of diy websites
 
Basic glossary of web design terms for non designers (part 2)
Basic glossary of web design terms for non designers (part 2)Basic glossary of web design terms for non designers (part 2)
Basic glossary of web design terms for non designers (part 2)
 
Single page web application development using meteor js
Single page web application development using meteor jsSingle page web application development using meteor js
Single page web application development using meteor js
 
Multiplayer game with unity3 d and meteor
Multiplayer game with unity3 d and meteorMultiplayer game with unity3 d and meteor
Multiplayer game with unity3 d and meteor
 
Awesome free resources for learning javascript
Awesome free resources for learning javascriptAwesome free resources for learning javascript
Awesome free resources for learning javascript
 
What is the best java script frameworks to learn?
What is the best java script frameworks to learn?What is the best java script frameworks to learn?
What is the best java script frameworks to learn?
 
Travelling forms a young man
Travelling forms a young manTravelling forms a young man
Travelling forms a young man
 
5 compelling reasons your website should be responsive
5 compelling reasons your website should be responsive5 compelling reasons your website should be responsive
5 compelling reasons your website should be responsive
 
Reactive programming with tracker
Reactive programming with trackerReactive programming with tracker
Reactive programming with tracker
 
Benefits of using single page websites
Benefits of using single page websitesBenefits of using single page websites
Benefits of using single page websites
 
What is the best programming language for beginner?
What is the best programming language for beginner?What is the best programming language for beginner?
What is the best programming language for beginner?
 
How to deploy and scale your meteor apps
How to deploy and scale your meteor appsHow to deploy and scale your meteor apps
How to deploy and scale your meteor apps
 
Meetup groups you need to join if you are new to tech
Meetup groups you need to join if you are new to techMeetup groups you need to join if you are new to tech
Meetup groups you need to join if you are new to tech
 

Recently uploaded

Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 

Recently uploaded (20)

Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 

NoSQL Injection in Meteor.js Application

Editor's Notes

  1. This topic will require a little bit of your familiarity with Meteor & MongoDB
  2. At first: please don’t get me wrong ! I don’t say that Meteor apps is insecure. Although Meteor it self has a package called INSECURE, but it’s a different story right ? In fact, Meteor is quite good at handling security if us developers pay enought attention to it
  3. In the world of SQL, queries use STRINGs as the control mechanism. So SQL INJECTION will be the technique that the attackers use to take advantages of this mechanism. What does that mean ? Well, let’s get to the examples !
  4. Classic example of SQL Injection To summary this example: a mom is sending her son to a new school. Of course he has to be registered to the school computer system right ? So the query to do that is INSERT INTO ... What if the son has some weird name like Robert quote close parentheses ... So in the result, there’s a DROP TABLE Students query comes along, which will remove the whole Students table data.
  5. Let’s say the query to get one user data with usename=‘peter’ is this: SELECT * FROM ... and the password is the input What if the input for password is: ' OR '1'='1 We get the result query here, which will always be succeed because the condition: (password='' OR '1'='1') is always true ! So this way, the attacker can get any arbitrary user data, given the username That’s basically how SQL Injection works
  6. Instead of using STRINGs as the control mechanism, NOSQL INJECTION queries use OBJECTs as the control mechanism What does that mean ? Let’s dive in to the demo
  7. - Here’s the good news: In contrast with the problems, the solutions are quite easy
  8. The solution is simple: we have to MAKE ASSERTIONS ON USER INPUT DATA You know that Meteor uses DDP (Distributed Transfer Protocol) which can transfer many types of data: String, Number, Array, Object ... If you know exactly what is the data user passed in, we can deal with them safely But how can we know exactly what is the data user passed in
  9. - In the scope of Meteor, there’s a useful package called CHECK - We are going to use this check package for every method / publication function that we need to validate user input
  10. There’re cases that you have so many methods & publication functions that you don’t know if they’re CHECKED or not ? Well, we also have a package called check-checker here, which helps ... and return a warning if there’s an unchecked method
  11. So that’s it ! I hope my presentation gives you a better look on security prospective so that you can make a BETTER and SAFER app.