Uta Störl scite author profile

A NoSQL injection attack targets interactive Web applications that employ NoSQL database services. These applications accept user inputs and use them to form query statements at runtime. During NoSQL injection attack, an attacker might provide malicious query segments as user input which could result in a different database request. In this paper, a testing tool is presented to detect NoSQL injection attacks in web application which is called "NoSQL Racket". The basic idea of this tool depends on checking the intended structure of the NoSQL query by comparing NoSQL statement structure in code query statement (static code analysis) and runtime query statement (dynamic analysis). But we faced a big challenge, there is no a common query language to drive NoSQL databases like the same way in relational database using SQL as a standardized query language. The proposed tool is tested on four different vulnerable web applications and its effectiveness is compared against three different well known testers, none of them is able to detect any NoSQL Injection attacks. However, the implemented testing tool has the ability to detect the NoSQL injection attacks.

show abstract

Evolution Management of Multi-model Data

Holubová

Klettke

Störl³

2019

View full text Add to dashboard Cite

Backup und Recovery in Datenbanksystemen

Störl¹

2001

View full text Add to dashboard Cite

Managing Schema Evolution in NoSQL Data Stores

Scherzinger¹,

Klettke²,

Störl³

2013

Preprint

View full text Add to dashboard Cite

NoSQL data stores are commonly schema-less, providing no means for globally defining or managing the schema. While this offers great flexibility in early stages of application development, developers soon can experience the heavy burden of dealing with increasingly heterogeneous data. This paper targets schema evolution for NoSQL data stores, the complex task of adapting and changing the implicit structure of the data stored. We discuss the recommendations of the developer community on handling schema changes, and introduce a simple, declarative schema evolution language. With our language, software developers and architects can systematically manage the evolution of their production data and perform typical schema maintenance tasks. We further provide a holistic NoSQL database programming language to define the semantics of our schema evolution language. Our solution does not require any modifications to the NoSQL data store, treating the data store as a black box. Thus, we want to address application developers that use NoSQL systems as database-as-a-service.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Uta Störl

Uncovering the evolution history of data lakes

Query Rewriting for Continuously Evolving NoSQL Databases

NoSQL schema evolution and big data migration at scale

Towards Self-Adapting Data Migration in the Context of Schema Evolution in NoSQL Databases

Datalution: a tool for continuous schema evolution in NoSQL-backed web applications

Evolution Management of Multi-model Data

Backup und Recovery in Datenbanksystemen

Managing Schema Evolution in NoSQL Data Stores

Contact Info

Product

Resources

About