{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T09:47:38Z","timestamp":1770457658264,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427260","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"567-581","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL Services"],"prefix":"10.1145","author":[{"given":"Dario","family":"Ferrari","sequence":"first","affiliation":[{"name":"Politecnico di Milano"}]},{"given":"Michele","family":"Carminati","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Italy"}]},{"given":"Mario","family":"Polino","sequence":"additional","affiliation":[{"name":"Politecnico di Milano"}]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[{"name":"Politecnico di Milano"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[\n  1\n  ]  AWS.2020. https:\/\/aws.amazon.com\/it\/dynamodb. Last accessed: 2020-05-19.  [1] AWS.2020. https:\/\/aws.amazon.com\/it\/dynamodb. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_2_1","unstructured":"AWS. 2020. AWS IP Address Ranges. https:\/\/docs.aws.amazon.com\/general\/latest\/gr\/aws-ip-ranges.html. Last accessed: 2020-05-19.  AWS. 2020. AWS IP Address Ranges. https:\/\/docs.aws.amazon.com\/general\/latest\/gr\/aws-ip-ranges.html. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_3_1","unstructured":"[\n  3\n  ]  Azure.2020. https:\/\/azure.microsoft.com\/it-it\/services\/cosmos-db.  [3] Azure.2020. https:\/\/azure.microsoft.com\/it-it\/services\/cosmos-db."},{"key":"e_1_3_2_1_4_1","volume-title":"Hack Brief: An Adult Cam Site Exposed 10.88 Billion Records. https:\/\/www.wired.com\/story\/cam4-adult-cam-data-leak-7tb\/. Last accessed: 2020-05-19.","author":"Barrett Brian","year":"2020","unstructured":"Brian Barrett . 2020 . Hack Brief: An Adult Cam Site Exposed 10.88 Billion Records. https:\/\/www.wired.com\/story\/cam4-adult-cam-data-leak-7tb\/. Last accessed: 2020-05-19. Brian Barrett. 2020. Hack Brief: An Adult Cam Site Exposed 10.88 Billion Records. https:\/\/www.wired.com\/story\/cam4-adult-cam-data-leak-7tb\/. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_5_1","unstructured":"[\n  5\n  ]  Apache Cassandra.2020. http:\/\/cassandra.apache.org. Last accessed: 2020-05-19.  [5] Apache Cassandra.2020. http:\/\/cassandra.apache.org. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_6_1","unstructured":"[\n  6\n  ]  Apache Cassandra.2020. http:\/\/cassandra.apache.org. Last accessed: 2020-05-19.  [6] Apache Cassandra.2020. http:\/\/cassandra.apache.org. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_7_1","unstructured":"[\n  7\n  ]  Apache Cassandra.2020. http:\/\/cassandra.apache.org\/doc\/latest\/operating\/security.html. Last accessed: 2020-05-19.  [7] Apache Cassandra.2020. http:\/\/cassandra.apache.org\/doc\/latest\/operating\/security.html. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_8_1","unstructured":"Catalin Cimpanu. 2018. Around 75 % of Open Redis Servers Are Infected With Malware. https:\/\/www.bleepingcomputer.com\/news\/security\/around-75-percent-of-open-redis-servers-are-infected-with-malware\/. Last accessed: 2020-05-19.  Catalin Cimpanu. 2018. Around 75 % of Open Redis Servers Are Infected With Malware. https:\/\/www.bleepingcomputer.com\/news\/security\/around-75-percent-of-open-redis-servers-are-infected-with-malware\/. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274736"},{"key":"e_1_3_2_1_10_1","unstructured":"[\n  10\n  ]  db engines.2020. https:\/\/db-engines.com\/en\/ranking. Last accessed: 2020-08-28.  [10] db engines.2020. https:\/\/db-engines.com\/en\/ranking. Last accessed: 2020-08-28."},{"key":"e_1_3_2_1_11_1","unstructured":"[\n  11\n  ]  db engines.2020. https:\/\/db-engines.com\/en\/ranking_definition. Last accessed: 2020-05-19.  [11] db engines.2020. https:\/\/db-engines.com\/en\/ranking_definition. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243794"},{"key":"e_1_3_2_1_13_1","volume-title":"Microsoft Azure, Google Cloud","author":"Dignan Larry","year":"2019","unstructured":"Larry Dignan . 2019. Top cloud providers 2019: AWS , Microsoft Azure, Google Cloud ; IBM makes hybrid move; Salesforce dominates SaaS. https:\/\/www.zdnet.com\/article\/top-cloud-providers- 2019 -aws-microsoft-azure-google-cloud-ibm-makes-hybrid-move-salesforce-dominates-saas\/. Last accessed: 2020-05-19. Larry Dignan. 2019. Top cloud providers 2019: AWS, Microsoft Azure, Google Cloud; IBM makes hybrid move; Salesforce dominates SaaS. https:\/\/www.zdnet.com\/article\/top-cloud-providers-2019-aws-microsoft-azure-google-cloud-ibm-makes-hybrid-move-salesforce-dominates-saas\/. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_14_1","unstructured":"[\n  14\n  ]  Elastic.2020. https:\/\/www.elastic.co. Last accessed: 2020-05-19.  [14] Elastic.2020. https:\/\/www.elastic.co. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_15_1","unstructured":"[\n  15\n  ]  Elastic.2020. https:\/\/www.elastic.co\/elasticsearch\/features. Last accessed: 2020-05-19.  [15] Elastic.2020. https:\/\/www.elastic.co\/elasticsearch\/features. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2011.31"},{"key":"e_1_3_2_1_17_1","unstructured":"Sergiu Gatlan. 2019. Over 12 000 MongoDB Databases Deleted by Unistellar Attackers. https:\/\/www.bleepingcomputer.com\/news\/security\/over-12-000-mongodb-databases-deleted-by-unistellar-attackers\/. Last accessed: 2020-05-19.  Sergiu Gatlan. 2019. Over 12 000 MongoDB Databases Deleted by Unistellar Attackers. https:\/\/www.bleepingcomputer.com\/news\/security\/over-12-000-mongodb-databases-deleted-by-unistellar-attackers\/. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_18_1","unstructured":"[\n  18\n  ]  Google.2020. https:\/\/cloud.google.com\/datastore. Last accessed: 2020-05-19.  [18] Google.2020. https:\/\/cloud.google.com\/datastore. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_19_1","unstructured":"Google. 2020. Google Compute Engine FAQ. https:\/\/cloud.google.com\/compute\/docs\/faq. Last accessed: 2020-05-19.  Google. 2020. Google Compute Engine FAQ. https:\/\/cloud.google.com\/compute\/docs\/faq. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_20_1","volume-title":"2011 6th international conference on pervasive computing and applications. IEEE, 363\u2013366","author":"Han Jing","year":"2011","unstructured":"Jing Han , Ee Haihong , Guan Le , and Jian Du . 2011 . Survey on NoSQL database . In 2011 6th international conference on pervasive computing and applications. IEEE, 363\u2013366 . Jing Han, Ee Haihong, Guan Le, and Jian Du. 2011. Survey on NoSQL database. In 2011 6th international conference on pervasive computing and applications. IEEE, 363\u2013366."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCloud.2016.57"},{"key":"e_1_3_2_1_22_1","unstructured":"[\n  22\n  ]  ipv4info.2020. http:\/\/ipv4info.com\/. Last accessed: 2020-05-19.  [22] ipv4info.2020. http:\/\/ipv4info.com\/. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243858"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/IC3TSN.2017.8284495"},{"key":"e_1_3_2_1_25_1","unstructured":"Microsoft. 2020. Azure IP Ranges and Service Tags \u2013 Public Cloud. https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=56519. Last accessed: 2020-05-19.  Microsoft. 2020. Azure IP Ranges and Service Tags \u2013 Public Cloud. https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=56519. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_26_1","unstructured":"[\n  26\n  ]  MongoDB.2020. https:\/\/www.mongodb.com. Last accessed: 2020-05-19.  [26] MongoDB.2020. https:\/\/www.mongodb.com. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_27_1","unstructured":"[\n  27\n  ]  MongoDB.2020. https:\/\/www.mongodb.com\/what-is-mongodb. Last accessed: 2020-05-19.  [27] MongoDB.2020. https:\/\/www.mongodb.com\/what-is-mongodb. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_28_1","unstructured":"[\n  28\n  ]  MongoDB.2020. https:\/\/docs.mongodb.com\/manual\/security\/. Last accessed: 2020-05-19.  [28] MongoDB.2020. https:\/\/docs.mongodb.com\/manual\/security\/. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERVICES.2014.19"},{"key":"e_1_3_2_1_30_1","unstructured":"Nmap. 2020. Nmap Network Scanning: A Quick Port Scanning Tutorial. https:\/\/nmap.org\/book\/port-scanning-tutorial.html. Last accessed: 2020-05-19.  Nmap. 2020. Nmap Network Scanning: A Quick Port Scanning Tutorial. https:\/\/nmap.org\/book\/port-scanning-tutorial.html. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2011.70"},{"key":"e_1_3_2_1_32_1","unstructured":"Dan O\u2019Sullivan. 2017. System shock: How a cloud leak exposed accenture\u2019s business. https:\/\/www.upguard.com\/breaches\/cloud-leak-accenture. Last accessed: 2020-05-19.  Dan O\u2019Sullivan. 2017. System shock: How a cloud leak exposed accenture\u2019s business. https:\/\/www.upguard.com\/breaches\/cloud-leak-accenture. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_33_1","unstructured":"[\n  33\n  ]  Redis.2020. https:\/\/redis.io. Last accessed: 2020-05-19.  [33] Redis.2020. https:\/\/redis.io. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_34_1","unstructured":"[\n  34\n  ]  Redis.2020. https:\/\/redis.io\/topics\/introduction. Last accessed: 2020-05-19.  [34] Redis.2020. https:\/\/redis.io\/topics\/introduction. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_35_1","unstructured":"[\n  35\n  ]  Redis.2020. https:\/\/redis.io\/topics\/security. Last accessed: 2020-05-19.  [35] Redis.2020. https:\/\/redis.io\/topics\/security. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_36_1","unstructured":"Aviv Ron Alexandra Shulman-Peleg and Emanuel Bronshtein. 2015. No sql no injection? examining nosql security. arXiv preprint arXiv:1506.04082(2015).  Aviv Ron Alexandra Shulman-Peleg and Emanuel Bronshtein. 2015. No sql no injection? examining nosql security. arXiv preprint arXiv:1506.04082(2015)."},{"key":"e_1_3_2_1_37_1","unstructured":"[\n  37\n  ]  Shodan.2020. https:\/\/shodan.io. Last accessed: 2020-05-19.  [37] Shodan.2020. https:\/\/shodan.io. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.52"},{"key":"e_1_3_2_1_39_1","unstructured":"[\n  39\n  ]  Tencent.2020. https:\/\/intl.cloud.tencent.com\/product\/mongodb. Last accessed: 2020-05-19.  [39] Tencent.2020. https:\/\/intl.cloud.tencent.com\/product\/mongodb. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_40_1","unstructured":"Liam Tung. 2017. First came mass MongoDB ransacking: Now copycat ransoms hit Elasticsearch. https:\/\/www.zdnet.com\/article\/first-came-mass-mongodb-ransacking-now-copycat-ransoms-hit-elasticsearch. Last accessed: 2020-05-19.  Liam Tung. 2017. First came mass MongoDB ransacking: Now copycat ransoms hit Elasticsearch. https:\/\/www.zdnet.com\/article\/first-came-mass-mongodb-ransacking-now-copycat-ransoms-hit-elasticsearch. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_41_1","unstructured":"Liam Tung. 2017. MongoDB ransacked: Now 27 000 databases hit in mass ransom attacks. https:\/\/www.zdnet.com\/article\/mongodb-ransacked-now-27000-databases-hit-in-mass-ransom-attacks\/. Last accessed: 2020-05-19.  Liam Tung. 2017. MongoDB ransacked: Now 27 000 databases hit in mass ransom attacks. https:\/\/www.zdnet.com\/article\/mongodb-ransacked-now-27000-databases-hit-in-mass-ransom-attacks\/. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_42_1","unstructured":"Liam Tung. 2017. MongoDB ransacking starts again: Hackers ransom 26 000 unsecured instances. https:\/\/www.zdnet.com\/article\/mongodb-ransacking-starts-again-hackers-ransom-26000-unsecured-instances. Last accessed: 2020-05-19.  Liam Tung. 2017. MongoDB ransacking starts again: Hackers ransom 26 000 unsecured instances. https:\/\/www.zdnet.com\/article\/mongodb-ransacking-starts-again-hackers-ransom-26000-unsecured-instances. Last accessed: 2020-05-19."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522727"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/CIACS.2014.6861323"},{"key":"e_1_3_2_1_45_1","unstructured":"Adam Zewe. 2020. Students find website data leaks pose greater risks than most people realize. https:\/\/www.seas.harvard.edu\/news\/2020\/01\/imperiled-information. Last accessed: 2020-05-19.  Adam Zewe. 2020. Students find website data leaks pose greater risks than most people realize. https:\/\/www.seas.harvard.edu\/news\/2020\/01\/imperiled-information. Last accessed: 2020-05-19."}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","location":"Austin USA","acronym":"ACSAC '20"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427260","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427260","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:24Z","timestamp":1750197744000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427260"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":45,"alternative-id":["10.1145\/3427228.3427260","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427260","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}