WASE Learning - NoSQL Injection 2: Fix
Rangeforce

Time
45 minutes
Difficulty
Intermediate

Rangeforce's Secure Coding Lab "WASE Learning - NoSQL Injection 2: Fix" is aimed at removing a NoSQL injection found through a vulnerability assessment. Lab details: The goal of the lab is to fix the authentication. For authentication/authorization, there is utilization of Passport authentication middleware, but implementation is not correct....

Join over 2 million IT and cyber professionals advancing their careers

OR REGISTER WITH

Google

Already have an account? Sign In »

Overview

Rangeforce's Secure Coding Lab "WASE Learning - NoSQL Injection 2: Fix" is aimed at removing a NoSQL injection found through a vulnerability assessment. Lab details: The goal of the lab is to fix the authentication. For authentication/authorization, there is utilization of Passport authentication middleware, but implementation is not correct. Passwords are being stored in plaintext and the login form allows for NoSQL injection.

NoSQL, or "not only SQL", allows storage and access of data that is modeled alternatively to traditional relational databases. The lab is focused on vulnerability analysis, database remediation, and DevSecOps security. Dive into the website code and try to remove the NoSQL Injection vulnerability in the login form.