Abstract
Injection attacks remain one of the major challenges in non-relational data stores, or NoSQL databases. Such databases are intended to store big data and are classified into four categories: key-value stores, wide-column stores, document stores, and graph databases. The different vulnerabilities of these NoSQL databases have led many researchers to attempt to solve or mitigate this problem. Unfortunately, extensive experiments have revealed that all proposed approaches and techniques fall short of expectations. This is mainly because they focus either on only some parts of the problem or on a specific NoSQL engine. In this paper, we propose an open tool architecture that can accommodate any NoSQL engine belonging to the four data store categories, whatever the programming language used. The proposed tool architecture first detects vulnerable statements in static mode on the developer side. Second, it automatically detects injection attacks at run time on the server side, thanks to the instrumentation statements added during the first check (static mode). The ease with which the proposed tool can be extended and adapted to any NoSQL engine, any kind of attack, and any programming language makes it very attractive compared to existing ones. Indeed, new kinds of attacks now emerge as soon as a new security approach, framework, or technique is proposed.