📅 18 May 2025
DOI: 10.62411/jcta.12640
An Empirical Analysis of Injection Attack Vectors and Mitigation Strategies in Redis NoSQL Database
Journal of Computing Theories and Applications
Universitas Dian Nuswantoro
📄 Abstract
The contemporary landscape of data management, marked by an unprecedented scale and velocity of data, has spurred the widespread adoption of NoSQL databases, prioritizing scalability and performance over traditional relational constraints. While offering significant flexibility, this paradigm shift introduces complex cybersecurity challenges, notably query injection vulnerabilities, which are consistently ranked among the top web application security risks. Redis, a leading in-memory key-value store powering critical infrastructure globally, presents a unique security profile due to its architectural design and features like Lua scripting. Despite its prevalence, a comprehensive academic evaluation of Redis injection attack vectors remains understudied. This study addresses this gap by systematically evaluating command and Lua script injection vulnerabilities in Redis version 7.4.1 across controlled configurations: default, password-protected, and ACL-secured environments. We quantify vulnerability risk and empirically validate mitigation strategies by employing a Dockerized testing framework, Python-driven exploit simulations, and CVSS v3.1 scoring. Our findings reveal critical weaknesses in default and permissively configured environments and demonstrate that restrictive Access Control Lists (ACLs), adhering to the principle of least privilege, provide complete mitigation against the specific injection vectors evaluated in our controlled experimental setup. We propose a Redis-specific threat taxonomy and provide empirically validated recommendations for securing Redis deployments, emphasizing layered security controls and proper ACL implementation. This research contributes the first systematic evaluation of modern Redis injection vulnerabilities and highlights the critical importance of security-conscious configurations to protect vital data infrastructure.
🔖 Keywords
#Access Control Lists; Command Injection; Database Security; Lua Script Injection; NoSQL Injection; Redis; Vulnerability Assessment
ℹ️ Informasi Publikasi
Tanggal Publikasi
18 May 2025
Volume / Nomor / Tahun
Volume 2, Nomor 4, Tahun 2025
📝 HOW TO CITE
Musa, Muhammad Nazeer; Irhebhude, Martins Ekata, "An Empirical Analysis of Injection Attack Vectors and Mitigation Strategies in Redis NoSQL Database," Journal of Computing Theories and Applications, vol. 2, no. 4, May. 2025.
ACM
ACS
APA
ABNT
Chicago
Harvard
IEEE
MLA
Turabian
Vancouver
Download Citation
0
Sitasi
Cek Google Scholar