(No)SQL Timing Attacks for Data Retrieval
Author: Ivan Novikov
The author will focus on various search algorithms in SQL and NoSQL databases (binary search hashes, etc.). The goal of the research was to explore how these algorithms can be used to perform timing attacks for data retrieval.
Such attacks apply mainly to web applications. For example, key-value storage is often used for storing user sessions. In this case, the conceptual attack is obtaining another user's session based on the time of creation of new sessions.
Ivan Novikov is CEO and lead security expert of Wallarm. Ivan has been engaged in web application security research since 2004 and has published numerous research papers in the field. He has received rewards from various bug hunting programs, such as Google, Facebook, Twitter, Nokia and Yandex. Currently, he is actively engaged in the development of a self-learning web application firewall system.