mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-05 15:29:01 +03:00
# Standards & References — NoSQL Injection
## Industry Standards
- **OWASP Top 10 2021 A03** — Injection (includes NoSQL injection)
- **OWASP Testing Guide** — Testing for NoSQL Injection (WSTG-INPV-05.6)
- **CWE-943** — Improper Neutralization of Special Elements in Data Query Logic
- **MITRE ATT&CK T1190** — Exploit Public-Facing Application
## Technical References
- PortSwigger Web Security Academy: https://portswigger.net/web-security/nosql-injection
- OWASP NoSQL Testing Guide: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection
- PayloadsAllTheThings NoSQL: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection
- MongoDB Security Checklist: https://www.mongodb.com/docs/manual/administration/security-checklist/
- HackTricks NoSQL: https://book.hacktricks.xyz/pentesting-web/nosql-injection
## Tools
- NoSQLMap: https://github.com/codingo/NoSQLMap
- nosqli: https://github.com/Charlie-belmer/nosqli
- MongoDB documentation on query operators: https://www.mongodb.com/docs/manual/reference/operator/query/