Search for collections on FTS Digilib

+ Advanced search

An Empirical Analysis of Injection Attack Vectors and Mitigation Strategies in Redis NoSQL Database

Musa, Muhammad Nazeer and Irhebhude, Martins Ekata (2025) An Empirical Analysis of Injection Attack Vectors and Mitigation Strategies in Redis NoSQL Database. Journal of Computing Theories and Applications, 2 (4). pp. 553-571. ISSN 3024-9104

[thumbnail of 12640-Article Text-45655-1-10-20250518.pdf] Text
12640-Article Text-45655-1-10-20250518.pdf - Published Version
Available under License Creative Commons Attribution.
Download (442kB)

Abstract

The contemporary landscape of data management, marked by an unprecedented scale and velocity of data, has spurred the widespread adoption of NoSQL databases, prioritizing scalability and performance over traditional relational constraints. While offering significant flexibility, this paradigm shift introduces complex cybersecurity challenges, notably query injection vulnerabilities, which are consistently ranked among the top web application security risks. Redis, a leading in-memory key-value store powering critical infrastructure globally, presents a unique security profile due to its architectural design and features like Lua scripting. Despite its prevalence, a comprehensive academic evaluation of Redis injection attack vectors remains understudied. This study addresses this gap by systematically evaluating command and Lua script injection vulnerabilities in Redis version 7.4.1 across controlled configurations: default, password-protected, and ACL-secured environments. We quantify vulnerability risk and empirically validate mitigation strategies by employing a Dockerized testing framework, Python-driven exploit simulations, and CVSS v3.1 scoring. Our findings reveal critical weaknesses in default and permissively configured environments and demonstrate that restrictive Access Control Lists (ACLs), adhering to the principle of least privilege, provide complete mitigation against the specific injection vectors evaluated in our controlled experimental setup. We propose a Redis-specific threat taxonomy and provide empirically validated recommendations for securing Redis deployments, emphasizing layered security controls and proper ACL implementation. This research contributes the first systematic evaluation of modern Redis injection vulnerabilities and highlights the critical importance of security-conscious configurations to protect vital data infrastructure.

Item Type: Article
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Depositing User: dl fts
Date Deposited: 19 May 2025 00:44
Last Modified: 19 May 2025 00:44
URI: https://dl.futuretechsci.org/id/eprint/112

Actions (login required)

View Item
View Item