Securing MongoDB

Description

MongoDB is the leading document-oriented, or NoSQL, database on the market today. It is commonly used for very quick transactional websites, but its security profile is not well understood. In this course, we’ll cover some of the best ways to solidify your security profile.

Learning Objectives

  • Correctly configure a MongoDB instance to defend against known attacks.
  • Build code to access a MongoDB database that prevents known attacks.
  • Design and develop effective MongoDB authentication and authorization.
  • Test a MongoDB implementation against known attacks.

Details

Delivery Format: eLearning

Duration: 45 minutes

Level: Intermediate

Intended Audience:

  • Back-End Developers
  • Mobile Developers

Prerequisites: OWASP Top 10

Course Outline

Introduction to Securing MongoDB

  • Community Edition vs. Enterprise Edition
  • Following Along with the Course

Install MongoDB the Proper Way

  • Add MongoDB Repository Key
  • Add Package Information
  • Install Official MongoDB Packages
  • Connecting to the MongoDB Shell

Enable MongoDB Access Control

  • Create a Root User
  • Enable Access Control

MongoDB Role-Based Access Control

  • Built-In Roles
  • Managing Users and Roles
  • Collection Level Access Control
  • Restrict Access to Documents
  • Restrict Access to Fields

Encrypt Network Traffic

  • Create Root Certificate Authority
  • Create a Server Certificate
  • Create a Client Certificate
  • Enable TLS
  • Connect to MongoDB Securely

Encrypt the MongoDB Database

  • Configure Encryption
  • Create a Local Key
  • Configure Encryption to Use a Local Key
  • Configure Encryption to Use a Key Manager

Additional Security Precautions

  • Update MongoDB Regularly
  • Change the Port MongoDB Listens On
  • Disable Execution of JavaScript
  • Restrict Authentication Mechanism
  • Audit Existing MongoDB Configuration
