Live Hacking - NoSQL Injection Explained!

Duration: 34:45
Views: 15.7K
Likes: 911
Date Created: Dec 2021

Channel: Tech Raj

Category: Science & Technology

Tags: mongodb injection, tech raj, owasp juice shop, snyk, penetration testing, ethical hacking, learn hacking, mongodb, website hacking, nosql, nosql injection

Description:

Sign up for Snyk for free: snyk.co/techraj
Goof vulnerable application: github.com/snyk/goof
OWASP Juice Shop: github.com/juice-shop/juice-shop

In this video, I'm going to talk about NoSQL injection and practically demonstrate it to you.

DISCLAIMER: The demonstration shown in this video is performed in a controlled lab setup. This video is for educational purposes only. Only perform penetration testing in your own lab environment; doing it against any live application is not allowed and is a crime unless you are a professional with the appropriate permissions.

Chapters
0:00 Intro
0:19 What is NoSQL?
2:45 About the sponsor - Snyk
4:14 Hands-on MongoDB
11:53 Setting up OWASP Juice Shop
14:33 Hacking OWASP Juice Shop
21:33 Bypass login forms?
21:58 Hacking Goof Vulnerable App
27:01 How to prevent NoSQL injection?
27:34 Using Snyk to detect and fix NoSQL injection
31:37 Snyk Web Interface

But before that, what is a NoSQL database? In simple words, NoSQL databases are those that do not store data in the fixed, predefined tables of a relational database. Data is stored in a more flexible form (MongoDB, for example, stores JSON-like documents) rather than in rows and columns with a rigid schema. It is still a database and its job is the same as that of a SQL database: store data, manipulate it and retrieve it as necessary.

What is NoSQL injection? It is when an attacker can inject their own input into a query that the application builds from user-supplied data (with MongoDB, typically by smuggling query operators in through JSON input) and modify it so that it does something it is not supposed to do: retrieving critical information from the database such as user emails and passwords, manipulating data, or, even worse, deleting data from the database.

In this video, I demonstrate NoSQL injection on two intentionally vulnerable applications, OWASP Juice Shop and Goof. These apps can be set up locally using Docker. You can install Docker Desktop to get started: docker.com/products/docker-desktop (you will need to restart your computer after the installation).

Docker image for OWASP Juice Shop: hub.docker.com/r/bkimminich/juice-shop
For Goof, you need to build the image from source; refer to the GitHub page linked above to learn how to do that. Once set up, you can access these apps on your localhost and play with them!

Join my Discord: discord.gg/6TjBzgt
Follow me on Instagram: instagram.com/teja.techraj
Website: techraj156.com
Blog: blog.techraj156.com

Thanks for watching! SUBSCRIBE for more videos! Cheers!
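The login-bypass class of NoSQL injection the description refers to, as an added example that is not code from the video, from OWASP Juice Shop or from Goof. It shows a Node.js login lookup written the vulnerable way (the parsed JSON body is dropped straight into the MongoDB query object) next to a hardened version that only accepts strings. The user documents, the payloads and the small query matcher are constructed for this example; the matcher emulates just enough of MongoDB's query semantics ($gt, $ne, $regex) to run offline without a database server.

```javascript
// Added example (not the video's, Juice Shop's or Goof's own code): a MongoDB-style
// login lookup, first as typically written vulnerably, then hardened. The
// "collection" and matcher are a constructed in-memory emulation of a small
// subset of MongoDB query semantics so the example runs without a server.

// Constructed sample documents; passwords are plaintext only to keep the
// operator-injection point visible (a real app would compare a hash).
const users = [
  { email: "admin@example.test", password: "correct horse battery staple", role: "admin" },
  { email: "jim@example.test",   password: "ncc-1701",                     role: "customer" },
];

// Emulates how MongoDB evaluates one query field: a plain value is an equality
// test, an object is a set of operators ($gt, $ne and $regex suffice here).
function fieldMatches(actual, expected) {
  if (expected !== null && typeof expected === "object" && !Array.isArray(expected)) {
    return Object.entries(expected).every(([op, arg]) => {
      switch (op) {
        case "$gt":    return actual > arg;
        case "$ne":    return actual !== arg;
        case "$regex": return new RegExp(arg).test(String(actual));
        default:       throw new Error("operator not supported by this emulator: " + op);
      }
    });
  }
  return actual === expected;
}

// Emulates collection.findOne(query): first document where every field matches.
function findOne(collection, query) {
  return collection.find((doc) =>
    Object.entries(query).every(([field, cond]) => fieldMatches(doc[field], cond))
  ) || null;
}

// VULNERABLE: the parsed JSON body goes straight into the query object. Because
// the body parser accepts any JSON, body.password can be {"$gt": ""} instead of
// a string, which turns the intended equality test into a range test that every
// non-empty password satisfies.
function vulnerableLogin(body) {
  return findOne(users, { email: body.email, password: body.password });
}

// HARDENED: accept only primitive strings for fields that must be compared for
// equality, so no query operator can be smuggled in through JSON. (Rejecting or
// stripping "$"-prefixed keys, as libraries such as mongo-sanitize do, is the
// same idea; here the type check is written inline.)
function hardenedLogin(body) {
  if (typeof body.email !== "string" || typeof body.password !== "string") {
    return null; // objects, arrays, numbers: rejected before any query is built
  }
  return findOne(users, { email: body.email, password: body.password });
}

// Payloads as a tester would POST them (Content-Type: application/json):
//   {"email": "admin@example.test", "password": {"$gt": ""}}
//   {"email": {"$regex": "^admin"}, "password": {"$ne": "x"}}
const knownUserPayload = { email: "admin@example.test", password: { $gt: "" } };
const enumeratePayload = { email: { $regex: "^admin" }, password: { $ne: "x" } };

console.log("vulnerable, known user :", vulnerableLogin(knownUserPayload)?.role);  // admin
console.log("vulnerable, regex      :", vulnerableLogin(enumeratePayload)?.email); // admin@example.test
console.log("hardened,   same input :", hardenedLogin(knownUserPayload));          // null
```

The second payload matters beyond login bypass: with $regex an attacker who controls one field can enumerate accounts or even recover secrets character by character from true/false responses, which is why the fix is to reject non-string input (or strip operator keys) before the query is built rather than to blacklist individual operators.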