Mongoaudit — how secure is your database?

Discover if your MongoDB server is secure enough 🔎🐛

Discussion

Spencer Truman · Maker · @aesedepece · CTO @Stampery
Companies of all sizes use MongoDB, Stampery included. Why? It’s schema-less, fast, scalable. We all love its deep query-ability. But it’s no secret that MongoDB pays more attention to scalability, performance and ease of use than to security. There are quite a few holes in its default configuration settings.

This, combined with lazy admins and devs, led to what the press has dubbed the MongoDB apocalypse. More than 25,000 MongoDB instances were targeted by hackers. Information was encrypted and money was asked for the decryption keys. In some cases information was wiped with no way to recover it.

Mongoaudit tackles this problem and more. It not only detects misconfigurations, known vulnerabilities and bugs. It also gives advice on how to fix problems and recommends best security practices. Once the tests are run, Mongoaudit can either display a basic report on screen or send a detailed one via email. This personalized report links to a series of guides on how to fix every specific issue and how to harden the targeted MongoDB deployment.

We have also published the Mongoaudit guides in our Medium publications— be sure to check them: https://medium.com/mongoaudit