Cypher Query Injection - the new "SQL Injection" we aren't aware of

Track 1 - Jungle

Thu, 30 Jun 2022 @ 15:45:00

TL;DR Cypher query injection is the new SQL Injection we aren’t aware of. How often do you hear about injections? Probably a lot. Probably most of them are familiar to you and chances are that you are tired of hearing about another SQL injection that was recently found. Graph Databases (e.g. Neo4j, RedisGraph, Amazon Neptune) which are becoming increasingly popular don’t use SQL, but you can still achieve an injection and even go beyond that. In this talk we are going to see how it can be done.