WASE Learning - NoSQL Injection 2: Fix

Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.

Time: 45 minutes
Difficulty: Intermediate


Overview

Rangeforce's Secure Coding Lab "WASE Learning - NoSQL Injection 2: Fix" is aimed at removing a NoSQL injection found through a vulnerability assessment. Lab details: The goal of the lab is to fix the authentication. For authentication/authorization, the application uses the Passport authentication middleware, but the implementation is not correct. Passwords are stored in plaintext and the login form allows NoSQL injection.

NoSQL, or "not only SQL", databases store and provide access to data that is modeled differently from traditional relational databases. The lab focuses on vulnerability analysis, database remediation, and DevSecOps security. Dive into the website code and try to remove the NoSQL injection vulnerability in the login form.