MongoDB: NoSQL Injection & Security

A list of resources about NoSQL injection in general and PHP and MongoDB security specifically.

Intro: NoSQL Databases

NoSQL databases such as MongoDB are used more and more, but there isn’t a lot of information about the security of specific NoSQL databases or the security of NoSQL in general. The direction it seems to be going is: It’s not SQL, so SQL injection is not possible, so it is secure. This is of course not true at all. The damage that can be achieved with NoSQL injections does seem to be smaller than that of SQL injection, but that does not mean that developers should not care about it. Continue