Mailing list:

Session Details

Title: NoSQL Shouldn’t Mean NoSecurity

Speaker: Matthew Groves

Time/Room: 10:30 AM/Marquis (Ingage)


As NoSQL databases increase in popularity, they also increase in popularity with hackers. NoSQL databases are vulnerable to traditional attacks like SQL injection (yes, really). Further, the rush to productivity leaves some of these databases insecure-by-design. As a result, ransom notes have plagued databases like MongoDB, ElasticSearch, Hadoop, and CouchDB. This session demonstrates security mistakes and prevention. We’ll also look at what NoSQL vendors are doing to mitigate future attacks. Both devs and devops should come to this session, because the last thing either of you want to see is “SEND 0.2 BTC TO THIS ADDRESS 1zaGVjj9NcyvDLyYpCh33Msq TO RECOVER YOUR DATABASE!”

Topic: Web Development

Target Audience: Intermediate

Keywords: security, nosql, database