Security Test: NoSQL Injection Stored
Description
Default Severity:
Stored NoSQL injection occurs when an application first persists untrusted user input and later reads it back into a database query without validating or sanitizing it. Because the stored value is trusted on the way out, an attacker can embed query operators or expressions that the database interprets, leading to unauthorized reading, modification, or deletion of data. A common developer pitfall is assuming that data already in the database is safe simply because it came from the application's own storage. Once a malicious value is stored, it may be evaluated every time the affected query runs, turning a single injection into a persistent attack that can compromise sensitive data and disrupt operations.
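The pattern described above, as an added example that is not part of the original page or of the scanner's own code: a previously stored profile field is spliced into a MongoDB-style filter object. The vulnerable builder passes the stored value through unchanged, the hardened builder enforces a scalar type and pins the comparison to `$eq`, and an audit helper walks stored documents for operator keys. The `storedProfile` document, the `displayName` field and the helper names are constructed for illustration; no database driver is used, so the code runs offline.

```javascript
// Added example (not from the original page): how a stored value becomes a
// NoSQL operator injection, and the checks that stop it. Assumption: the
// filter object would be handed to a Mongo-style collection.find().

// Constructed sample: a profile document saved earlier from untrusted input.
// displayName is not a string but an object carrying a query operator.
const storedProfile = {
  username: "alice",
  displayName: { $ne: null }, // constructed malicious stored value
};

// Vulnerable pattern: the stored value is placed directly into the filter.
// If it is an object, the database interprets its keys as operators.
function buildFilterUnsafe(profile) {
  return { displayName: profile.displayName };
}

// Hardened pattern: accept only primitive scalars and force an equality match.
function isPlainScalar(value) {
  return ["string", "number", "boolean"].includes(typeof value);
}

function buildFilterSafe(profile) {
  if (!isPlainScalar(profile.displayName)) {
    throw new TypeError("displayName must be a scalar value");
  }
  return { displayName: { $eq: profile.displayName } };
}

// Audit helper: returns dotted paths of every key beginning with '$', so
// stored documents can be checked before they are reused in a query.
function findOperatorKeys(value, path = "") {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((v, i) => hits.push(...findOperatorKeys(v, `${path}[${i}]`)));
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      const childPath = path ? `${path}.${key}` : key;
      if (key.startsWith("$")) hits.push(childPath);
      hits.push(...findOperatorKeys(child, childPath));
    }
  }
  return hits;
}

// Usage: audit the stored document, then compare the two builders.
console.log("operator keys:", findOperatorKeys(storedProfile));
console.log("unsafe filter:", JSON.stringify(buildFilterUnsafe(storedProfile)));
try {
  buildFilterSafe(storedProfile);
} catch (err) {
  console.log("safe builder rejected:", err.message);
}
```

The audit helper is the piece worth running on existing data: a stored document that already contains `$`-prefixed keys is evidence that input validation was missing at write time, and those records need cleaning before the hardened builder is deployed, or they will simply start raising errors.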
Reference:
Configuration
Identifier:
frontend_injection/nosql_stored
Examples
All configuration available:

```yaml
checks:
  frontend_injection/nosql_stored:
    skip: false # default
    options:
      skip_objects: # cf. Options below
```
Options
Options can be set in the options key of the Security Test Configuration.

Property | Type | Default | Description |
---|---|---|---|
skip_objects | Frontend_array | | List of objects that are to be skipped by the security test. |
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API9:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 6.5.1 |
GDPR | Article-32 |
SOC2 | CC6 |
PSD2 | Article-95 |
ISO 27001 | A.14.2 |
NIST | SP800-53 |
FedRAMP | AC-6 |
CWE | 943 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C |
CVSS Score | 9.4 |