DAY 1, 27 March
11:00 - 11:45

Security

Svyatoslav Login
QA Lead and Security QA
Evo.company
Ukraine
Russian
Middle

ABOUT THE SPEAKER

More than 6 years of overall experience in testing.
Has been searching for web vulnerabilities for more than 3 years.
Speaker at multiple testing conferences.
Currently working at Evo.company on the Prom + project, in the Core team, which develops:
- CMS for sellers
- Online buyer-seller chat
- API for those who need to connect to their CRM system
- API for mobile applications on iOS and Android
QA Security trainer at Evo.company

SPEECH: SQL vs NoSQL injection

Database security is a critical aspect of the information security of a web application. Access to databases gives attackers control over your customer data. SQL injection attacks inject malicious code into the statements that the application passes to the database layer. This allows attackers to do almost anything with the data, including accessing data without authorization, as well as changing, deleting and inserting data. NoSQL databases have not escaped this vulnerability either. NoSQL storage systems have become very popular due to their scalability and ease of use. Although the new data models and query formats in NoSQL data stores make old attacks, such as SQL injections, irrelevant, they give attackers new opportunities to inject malicious code. That is what I will talk about in my talk ...