Comparative Security Vulnerability Analysis of NoSQL and SQL Database Using MongoDB and MariaDB

International Journal of Computer Trends and Technology (IJCTT)          
 
© 2019 by IJCTT Journal
Volume-67 Issue-10
Year of Publication : 2019
Authors : Jeremiah Oluwagbemi Abimbola, Osuolale A. Festus
DOI :  10.14445/22312803/IJCTT-V67I10P104

MLA Style: Jeremiah Oluwagbemi Abimbola, Osuolale A. Festus. "Comparative Security Vulnerability Analysis of NoSQL and SQL Database Using MongoDB and MariaDB," International Journal of Computer Trends and Technology 67.10 (2019): 20-24.

APA Style: Jeremiah Oluwagbemi Abimbola, Osuolale A. Festus. Comparative Security Vulnerability Analysis of NoSQL and SQL Database Using MongoDB and MariaDB. International Journal of Computer Trends and Technology, 67(10), 20-24.

Abstract
Security is a growing concern for any system, from desktop to web applications. As data grows, there must be a database system that can safely handle current needs. However, updates to database systems bring new vulnerabilities, hence the need to keep this line of research going. This paper presents a comprehensive study of potential security vulnerabilities and challenges for two databases. It provides a detailed comparison between traditional SQL and NoSQL databases and identifies a set of vulnerabilities specific to representative database applications using MongoDB and MariaDB. Examples of attacks and mitigation techniques are also provided. The discussion and results help database administrators and application developers increase their awareness of emerging threats when deploying SQL and NoSQL databases.

Keywords
security, database, SQL, NoSQL, vulnerability