💉 The API injection nightmare

Injection

Your customer success team mentions that the new API-powered search feature is incredibly fast - customers love finding their data instantly.

Then you notice unusual API response times and investigate the MongoDB query logs.

Someone has been sending complex JSON payloads to your search API that aren't normal search terms.

The payloads are NoSQL injection attacks, and they've successfully extracted customer records, payment data, and admin user details from your database through your own API.

Technical Issue: Your search API passes the parsed request body straight into the MongoDB query filter without checking that the search term is a plain string. Attackers discovered they could send a JSON object containing query operators (for example {"$ne": null} or {"$regex": "..."}) in place of a search string. The operators change the meaning of the query so it matches every document, letting them read any record the API's database user can see, through the search endpoint alone.
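To make the mechanism concrete, here is an added example (written for this page, not code from the scenario or any real product). It assumes a Node/Express-style endpoint that receives a parsed JSON body; a small in-memory matcher covering a few MongoDB operators stands in for the real driver so the file runs offline, and the customer records are constructed sample data. It shows the vulnerable query construction next to a hardened version and a defence-in-depth check for operator keys.

```javascript
// Added example: NoSQL injection against a MongoDB-backed search endpoint,
// shown with an in-memory matcher instead of a live database.

// Constructed sample records standing in for the customers collection.
const customers = [
  { name: 'alice', email: 'alice@example.com', role: 'admin', cardLast4: '4242' },
  { name: 'bob',   email: 'bob@example.com',   role: 'user',  cardLast4: '1111' },
  { name: 'carol', email: 'carol@example.com', role: 'user',  cardLast4: '9999' },
];

// Minimal evaluator for a subset of MongoDB filter semantics: plain equality
// plus the $ne, $gt and $regex operators. Real MongoDB supports many more,
// but this is enough to show why an operator object changes the query.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    const value = doc[field];
    if (cond !== null && typeof cond === 'object' && !Array.isArray(cond)) {
      return Object.entries(cond).every(([op, arg]) => {
        switch (op) {
          case '$ne':    return value !== arg;
          case '$gt':    return value > arg;
          case '$regex': return new RegExp(arg).test(String(value));
          default:       throw new Error(`unsupported operator ${op}`);
        }
      });
    }
    return value === cond;
  });
}

function find(collection, filter) {
  return collection.filter((doc) => matches(doc, filter));
}

// VULNERABLE: the request body value is spliced straight into the filter.
// A body of {"name": "alice"} is fine; a body of {"name": {"$ne": null}}
// turns the filter into "name is not null", which matches every record.
// With Express, the same object can also arrive via the query string
// (?name[$ne]=) because the default "extended" parser builds nested objects.
function searchVulnerable(body) {
  return find(customers, { name: body.name });
}

// HARDENED: (1) accept only a plain string of bounded length, so an operator
// object can never become part of the filter; (2) compare it literally rather
// than as a regex; (3) return only the fields a search result needs, so even
// a successful query cannot leak payment data or roles.
function searchHardened(body) {
  if (typeof body.name !== 'string' || body.name.length > 64) {
    throw new Error('name must be a string of at most 64 characters');
  }
  return find(customers, { name: body.name })
    .map(({ name, email }) => ({ name, email }));
}

// Defence in depth, usable as request middleware: reject any key that starts
// with '$' or contains '.' anywhere in the parsed body. This is the same idea
// the express-mongo-sanitize package implements; shown here inline.
function containsOperator(value) {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value !== null && typeof value === 'object') {
    return Object.entries(value).some(
      ([k, v]) => k.startsWith('$') || k.includes('.') || containsOperator(v),
    );
  }
  return false;
}

// Stand-alone demonstration.
console.log('normal search  :', searchVulnerable({ name: 'alice' }).length);        // 1
console.log('$ne injection  :', searchVulnerable({ name: { $ne: null } }).length);   // 3
console.log('$regex probing :', searchVulnerable({ name: { $regex: '^a' } }).length); // 1
console.log('hardened result:', JSON.stringify(searchHardened({ name: 'alice' })));
console.log('operator check :', containsOperator({ name: { $ne: null } }));          // true
```

The `$regex` case is worth noting separately: even when an attacker cannot dump records outright, a regex operator lets them confirm data character by character (`^a`, `^al`, ...) from nothing more than result counts or response timing, which is consistent with the unusual response times that started this investigation. The type check in `searchHardened` closes both paths; the operator-key check is a second layer for endpoints that legitimately accept nested JSON.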

What's your immediate first move?
