Please use this identifier to cite or link to this item: http://hdl.handle.net/10603/287170
Full metadata record
DC FieldValueLanguage
dc.coverage.spatial
dc.date.accessioned2020-04-01T09:07:07Z-
dc.date.available2020-04-01T09:07:07Z-
dc.identifier.urihttp://hdl.handle.net/10603/287170-
dc.description.abstractIn recent years, the usage of information technology has unexpectedly increased resulting in huge data generation. Many companies have taken the initiative to use a non-relational database for managing the data. NoSQL database gaining popularity due to its powerful features like scalability, flexibility, faster data access and availability. newlineIn today s world generation of data is a very rapid speed and there is a requirement to check every piece of data to maintain secure environment. The security of the database is a challenging task for companies. However, monitoring every piece of data is very expensive for a time as well as for money. Although it slows down the data transaction. There is one solution to resolve this problem is to check the input before entering into the database. newlineThe injection is the malicious query that is entered using the input box or Uniform Resource Locator. The injection is a method by which a hacker can attack the database or even crash the database. Most of the companies are migrating their database from relational databases to non-relational databases. Malicious attacks are mostly done by input box. When attacker gets access to the database then there is dangerous amount of control over the database, even the attacker can deface the database. For execution, malicious code used as a variable. The program starts to find value on the basis of user input. When malicious code is executed then it always brings true results. As a result, Hackers will get all data without passing input. newlineThe injection is one of the hacking methods that is used by the attacker on traditional Structured Query Language database. For example, SQL injection can completely destroy the database and generally it is used for data-driven applications. SQL injection usually occurs in the input box. But nowadays, generation of data is occurring at a very rapid speed. So, most of the companies are migrating their database from SQL to NoSQL database. Although injection can also be executed in the NoSQL database. There are various methods to implement injection in the NoSQL database. newlineNoSQL injection refers to an injection attack by which hackers can enter malicious code into the input box in terms of NoSQL query. Thus Hackers get the information of the database by executing injection successfully. In NoSQL injection, the attacker takes the benefit of unsanitized input character in NoSQL statement and inject arbitrary data into the query that will be executing the database engine newlineIn MongoDB, queries and data are represented in JavaScript Object Notation format which is more secure than SQL. It is very simple to encode and decode the data in terms of JSON. It has the ability to run javascript in the database engine to perform complicated queries like MapReduce. MongoDB NoSQL database, lacked security functionality when they first emerged. MongoDB is used by those projects that deal with big data. Day by day, MongoDB is gaining more and more popularity for companies because it can store a huge amount of big data. newlineInjection on NoSQL database has been analyzed. MongoDB is very secure and powerful NoSQL database. The demonstration of basic NoSQL injection attack, advance NoSQL injection attack and defense methods are mentioned to secure the NoSQL database. Defense methods are mentioned using Php and javascript. In this way, the NoSQL database programmer is aware of the NoSQL injection attack mechanism and creates a more secure database to store huge data. newlineSo, the study shows that MongoDB is still vulnerable to JSON injection attacks. Even they offer the looser consistency restrictions, horizontal scaling. newline9 attacks have been implemented on the web site. Dataset of 115 websites has been taken. This dataset has been analyzed based on the amount of data, type of data, vulnerability level, various types of code injection and categories of web sites. The data like user name, password, result, phone no, bank account no, admin login, address can be retrieved and changed from this data set. Data is divided into different categories like Educational websites, Healthcare websites, Informational web sites, etc. This data set analyzed that educational web sites are more prone to log in bypass authentication attacks. newlineThis study shall prove very beneficial to web developers, web administrators and research community to ensure the security of their websites using the framework discussed in the study. newline
dc.format.extent
dc.languageEnglish
dc.relation
dc.rightsuniversity
dc.titleStudy of Attack Taxonomy and Novel Security Framework in NOSQL Database
dc.title.alternative
dc.creator.researcherVrinda
dc.description.note
dc.contributor.guideSachin Gupta
dc.publisher.placeHaryana
dc.publisher.universityMVN University,Palwal
dc.publisher.institutionComputer Science Engineering
dc.date.registered27/09/2014
dc.date.completed2019
dc.date.awarded
dc.format.dimensions
dc.format.accompanyingmaterialDVD
dc.source.universityUniversity
dc.type.degreePh.D.
Appears in Departments:Computer Science Engineering

Files in This Item:
File Description SizeFormat 
chapter1.pdfAttached File714.69 kBAdobe PDFView/Open
chapter2.pdf559.18 kBAdobe PDFView/Open
chapter3.pdf1.8 MBAdobe PDFView/Open
chapter4.pdf599.17 kBAdobe PDFView/Open
chapter5.pdf582.45 kBAdobe PDFView/Open
chapter6.pdf772.72 kBAdobe PDFView/Open
chapter7.pdf735.59 kBAdobe PDFView/Open
title.pdf13.9 kBAdobe PDFView/Open
toc.pdf380.32 kBAdobe PDFView/Open


Items in Shodhganga are licensed under Creative Commons Licence Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).

Altmetric Badge: