Title | Security assessment of Nosql Mongodb, Redis and Cassandra database managers |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Sánchez, Ricardo Andrés González, Bernal, Davor Julián Moreno, Parada, Hector Dario Jaimes |
Conference Name | 2021 Congreso Internacional de Innovación y Tendencias en Ingeniería (CONIITI) |
Keywords | composability, data privacy, Data security, Databases, Documentation, Human Behavior, information system, Metrics, NoSQL databases, Protocols, Prototypes, pubcrawl, relational database security, resilience, Resiliency, Structured Query Language, Tools |
Abstract | The advancement of technology in the creation of new tools to solve problems such as information storage generates proportionally developing methods that search for security flaws or breaches that compromise said information. The need to periodically generate security reports on database managers is given by the complexity and number of attacks that can be carried out today. This project seeks to carry out an evaluation of the security of NoSQL database managers. The work methodology is developed according to the order of the objectives; it begins by synthesizing the types of vulnerabilities, attacks and protection schemes limited to MongoDB, Redis and Apache Cassandra. Once established, a prototype of a web system that stores information with a non-relational database will be designed on which a series of attacks defined by a test plan will be applied seeking to add, consult, modify or eliminate information. Finally, a report will be presented that sets out the attacks carried out, the way in which they were applied, the results, possible countermeasures, security advantages and disadvantages for each manager and the conclusions obtained. Thus, it is possible to select which tool is more convenient to use for a person or organization in a particular case. The results showed that MongoDB is more vulnerable to NoSQL injection attacks, Redis is more vulnerable to attacks registered in the CVE and that Cassandra is more complex to use but is less vulnerable. |
DOI | 10.1109/CONIITI53815.2021.9619597 |
Citation Key | sanchez_security_2021 |