NoSQL Injection Attack Detection in Web Applications Using RESTful Service

Despite the extensive research of using web services for security purposes, there is a big challenge towards finding a no radical solution for NoSQL injection attack. This paper presents an independent RESTful web service in a layered approach to detect NoSQL injection attacks in web applications. The proposed method is named DNIARS. DNIARS depends on comparing the generated patterns from NoSQL statement structure in static code state and dynamic state. Accordingly, the DNIARS can respond to the web application with the possibility of NoSQL injection attack. The proposed DNIARS was implemented in PHP plain code and can be considered as an independent framework that has the ability for responding to different requests formats like JSON, XML. To evaluate its performance, DNIARS was tested using the most common testing tools for RESTful web service. According to the results, DNIARS can work in real environments where the error rate did not exceed 1%.