Injection: NoSQL Injection

Identifier: frontend_nosql_injection

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

NoSQL injection vulnerabilities occur when frontend applications build NoSQL queries using untrusted user input, allowing attackers to manipulate queries and potentially access or modify sensitive data.

How we test: We inject NoSQL injection payloads into frontend request parameters and analyze responses to detect if NoSQL queries are executed. We test for various NoSQL injection techniques and check if user input is properly validated before being used in database queries.
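The pattern described above, as an added example (not code from the scanner or its documentation): a login filter built directly from a parsed request body, beside a version that validates types first. All function names are hypothetical, the data is constructed, and the in-memory matcher is an assumed stand-in for a document database's query engine that supports only equality and `$ne`.

```javascript
// Constructed sample data; no real database or driver is involved.
const users = [{ username: "alice", password: "s3cret-constructed" }];

// Minimal stand-in for a query engine: equality plus the $ne operator.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      if ("$ne" in cond) return doc[field] !== cond.$ne;
      return false; // any other operator is unsupported in this sketch
    }
    return doc[field] === cond;
  });
}

function findUser(filter) {
  return users.find((doc) => matches(doc, filter)) || null;
}

// Vulnerable: values from the parsed body go straight into the filter,
// so an object value is interpreted as a query operator, not as data.
function loginUnsafe(body) {
  return findUser({ username: body.username, password: body.password });
}

// Hardened: accept only primitive strings before building the filter.
function requireString(value, name) {
  if (typeof value !== "string") {
    throw new TypeError(`${name} must be a string`);
  }
  return value;
}

function loginSafe(body) {
  return findUser({
    username: requireString(body.username, "username"),
    password: requireString(body.password, "password"),
  });
}

// Constructed request body whose password field is an operator object.
const crafted = JSON.parse('{"username":"alice","password":{"$ne":null}}');

console.log("unsafe:", loginUnsafe(crafted)); // matches without the password
try {
  loginSafe(crafted);
} catch (err) {
  console.log("safe:", err.message); // rejected before any query is built
}
```

The type check runs before the filter is constructed, so the operator object never reaches the query layer.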

Configuration

Example

Example configuration:

---
security_tests:
  frontend_nosql_injection:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.