{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T22:04:09Z","timestamp":1769724249408,"version":"3.49.0"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031490989","type":"print"},{"value":"9783031490996","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-49099-6_4","type":"book-chapter","created":{"date-parts":[[2023,12,8]],"date-time":"2023-12-08T06:02:34Z","timestamp":1702015354000},"page":"57-76","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Survey on Security Threats and Mitigation Strategies for NoSQL Databases"],"prefix":"10.1007","author":[{"given":"Surabhi","family":"Dwivedi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"R.","family":"Balaji","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Praveen","family":"Ampatt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"S. D.","family":"Sudarsan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,12,9]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Brewer, E.A.: Towards robust distributed systems. In: PODC, vol. 7 (2000)","DOI":"10.1145\/343477.343502"},{"key":"4_CR2","unstructured":"Db engines. https:\/\/db-engines.com\/en\/ranking. Accessed 02 Sept 2022"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Okman, L., Gal-Oz, N., Gonen, Y., Gudes, E., Abramov, J.: Security Issues in NoSQL Databases. In: 10th International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China, 2011 (2011)","DOI":"10.1109\/TrustCom.2011.70"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Sicari, S., Rizzardi, A., Coen-Porisini, A.: Security& privacy issues and challenges in NoSQL databases. Comput. Netw. Int. J. Comput. Telecommun. Netw. 206(C), 341 (2022)","DOI":"10.1016\/j.comnet.2022.108828"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Fahd, K., Venkatraman, S., Hammeed, F.K.: A comparative study of NOSQL system vulnerabilities with big data. Int. J. Managing Inf. Technol. (IJMIT), 11(4), 1\u201319 (2019)","DOI":"10.5121\/ijmit.2019.11401"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Ron, A., Shulman-Peleg, A., Puzanov, A.: Analysis and mitigation of NoSQL injections. IEEE Secur. Priv. 14(2), 30\u201339 (2016)","DOI":"10.1109\/MSP.2016.36"},{"key":"4_CR7","unstructured":"Zdnet. https:\/\/www.zdnet.com\/article\/chinese-companies-have-leaked-over-590-million-resumes-via-open-databases\/. Accessed 02 July 2023"},{"key":"4_CR8","unstructured":"Bleeping computer. https:\/\/www.bleepingcomputer.com\/news\/security\/russian-streaming-platform-confirms-data-breach-affecting-75m-users\/. Accessed 09 July 2023"},{"key":"4_CR9","unstructured":"Bleeping computer. https:\/\/www.bleepingcomputer.com\/news\/security\/over-275-million-records-exposed-by-unsecured-mongodb-database\/. Accessed 09 July 2023"},{"key":"4_CR10","unstructured":"Cpomagazine. https:\/\/www.cpomagazine.com\/cyber-security\/toyota-connected-service-decade-long-data-leak-exposed-2-15-million-customers\/. Accessed 18 July 2023"},{"key":"4_CR11","unstructured":"Bleeping computer. https:\/\/www.bleepingcomputer.com\/news\/security\/redis-mongodb-and-elastic-2022-s-top-exposed-databases\/. Accessed 18 July 2023"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Imam, A.A., Basri, S., Gonz\u00e1lez-Aparicio, M.T., Balogun, A.O., Kumar, G.: NoInjection: preventing unsafe queries on NoSQL-document-model databases. In: 2nd International Conference on Computing and Information Technology (ICCIT) (2022)","DOI":"10.1109\/ICCIT52419.2022.9711654"},{"key":"4_CR13","unstructured":"Ron, A., Shulman-Peleg, A., Bronshtein, E: No SQL, No Injection? Examining NoSQL Security"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"Hou, B., Qian, K., Li, L., Shi, Y., Tao, L., Liu, J.: MongoDB NoSQL Injection Analysis and Detection. In: IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), 2016 (2016)","DOI":"10.1109\/CSCloud.2016.57"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"A survey on detection and prevention of SQL and NoSQL injection attack on server-side applications. Int. J. Comput. Appl. (0975 - 8887), 183 (2021)","DOI":"10.5120\/ijca2021921396"},{"key":"4_CR16","unstructured":"Invicti. https:\/\/www.invicti.com\/blog\/web-security\/what-is-nosql-injection\/. Accessed 07 Nov 2022"},{"key":"4_CR17","unstructured":"Spiegel, P.: NoSQL injection fun with objects and arrays (2022). https:\/\/owasp.org\/www-pdf-archive\/GOD16-NOSQL.pdf"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Databases security issues - a short analysis on the emergent security problems generated by NoSQL databases. Economic Computation and Economic Cybernetics Studies and Research 53(3) (2019)","DOI":"10.24818\/18423264\/53.3.19.07"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Rodr\u00edguez, G.E., Torres, J.G., Flores, P., Benavides, D.E.: Cross-site scripting (XSS) attacks and mitigation: a survey. Comput. Netw. 166, 106960 (2020)","DOI":"10.1016\/j.comnet.2019.106960"},{"key":"4_CR20","unstructured":"OWASP. https:\/\/owasp.org\/www-project-web-security-testing-guide\/v41\/4-Web_Application_Security_Testing\/09-Testing_for_Weak_Cryptography\/01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection. Accessed 28 July 2023"},{"key":"4_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11426639_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19\u201335. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_2"},{"key":"4_CR22","unstructured":"Qualys. https:\/\/blog.qualys.com\/product-tech\/2013\/03\/19\/rc4-in-tls-is-broken-now-what. Accessed 09 July 2023"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Zugaj, W., Beichler, A.S.: Analysis of standard security features for selected NoSQL systems. Am. J. Inf. Sci. Technol. (2019)","DOI":"10.11648\/j.ajist.20190302.12"},{"key":"4_CR24","unstructured":"Meow attack. https:\/\/www.bleepingcomputer.com\/news\/security\/new-meow-attack-has-deleted-almost-4-000-unsecured-databases\/. Accessed 02 Oct 2023"},{"key":"4_CR25","unstructured":"Hackernoon. https:\/\/hackernoon.com\/learnings-from-the-meow-bot-attack-on-our-mongodb-databases-y22q3zs8. Accessed 12 Oct 2023"},{"key":"4_CR26","unstructured":"Techtarget. https:\/\/www.techtarget.com\/searchsecurity\/news\/252486971\/Meow-attacks-continue-thousands-of-databases-deleted. Accessed 9 Oct 2023"},{"key":"4_CR27","doi-asserted-by":"publisher","unstructured":"Osborn, S.L., Servos, D., Shermin, M.: Issues in access control and privacy for big data. In: Meyers, R.A. (eds.) Encyclopedia of Complexity and Systems Science, pp. 1\u20139. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-642-27737-5_752-1","DOI":"10.1007\/978-3-642-27737-5_752-1"},{"key":"4_CR28","unstructured":"MongoDB docs. https:\/\/www.mongodb.com\/docs\/drivers\/go\/current\/fundamentals\/auth\/. Accessed 22 June 2023"},{"key":"4_CR29","unstructured":"MongoDB manual. https:\/\/www.mongodb.com\/docs\/manual\/. Accessed 22 June 2023"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Ajayi, O.O., Adebiyi, T.O.: Application of data masking in achieving information privacy. IOSR J. Eng. (IOSRJEN) 4(2), 13\u201321 (2014)","DOI":"10.9790\/3021-04211321"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Cuzzocrea, A., Shahriar, H.: Data masking techniques for NoSQL database security: a systematic review. In: 2017 IEEE International Conference on Big Data (Big Data), Boston, MA, USA (2017)","DOI":"10.1109\/BigData.2017.8258486"},{"key":"4_CR32","unstructured":"Git hub Data masking. https:\/\/github.com\/pkdone\/mongo-data-masking. Accessed 06 July 2023"},{"key":"4_CR33","unstructured":"Mozilla docs. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CORS. Accessed 18 July 2023"},{"key":"4_CR34","doi-asserted-by":"crossref","unstructured":"Lavrenovs, A., Mel\u00f3n, F.J.R.: HTTP security headers analysis of top one million websites. In: 10th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia (2018)","DOI":"10.23919\/CYCON.2018.8405025"},{"key":"4_CR35","unstructured":"MongoDB manual. https:\/\/www.mongodb.com\/docs\/manual\/core\/security-transport-encryption\/. Accessed 04 July 2023"},{"key":"4_CR36","unstructured":"MongoDB manual, CSFLE. https:\/\/www.mongodb.com\/docs\/manual\/core\/csfle\/. Accessed 16 July 2023"},{"key":"4_CR37","unstructured":"CouchDB homepage. https:\/\/couchdb.apache.org\/. Accessed 19 June 2023"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-49099-6_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,12,8]],"date-time":"2023-12-08T06:05:17Z","timestamp":1702015517000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-49099-6_4"}},"subtitle":["MongoDB as a Use Case"],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031490989","9783031490996"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-49099-6_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"9 December 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICISS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Raipur","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iciss2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/iciss.isrdc.in\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}