An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications

10/31/2018
by Jukka Ruohonen, et al.

This paper examines software vulnerabilities in common Python packages, particularly those used for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB, which tracks vulnerabilities in selected packages within the repository. The methodological approach builds on a release-based time series analysis of the conditional probabilities that a package's releases are vulnerable. According to the results, many of the observed Python vulnerabilities appear to be only modestly severe; input validation and cross-site scripting have been the most typical vulnerability types. In the time series analysis of the release histories, only the recent past is found to be relevant for statistical prediction; that is, the classical Markov property holds.
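As an added illustration (not the paper's code or data), the kind of release-based check the abstract describes: each package's release history becomes a binary series (1 = that release is vulnerable), the probability of a vulnerable release is estimated conditional on the previous one or two releases, and the two estimates are compared. The histories below are constructed sample data, not the Safety DB; the function names are assumptions.

```python
"""Release-based Markov check on vulnerability histories (added example)."""
from collections import Counter, defaultdict

# Constructed sample data: one series per package, in release order,
# 1 = the release is affected by a known vulnerability, 0 = it is not.
SAMPLE_HISTORIES = {
    "pkg-a": [0, 0, 1, 1, 0, 0, 0, 1, 0, 0],
    "pkg-b": [1, 1, 0, 0, 0, 1, 1, 0, 0],
    "pkg-c": [0, 0, 0, 1, 0, 0, 1, 1, 0],
}


def conditional_probs(histories, order):
    """Estimate P(release t vulnerable | states of the previous `order`
    releases), pooled across packages.

    Returns {previous_states_tuple: (p_vulnerable, sample_size)}.
    """
    counts = defaultdict(Counter)
    for series in histories.values():
        for t in range(order, len(series)):
            prev = tuple(series[t - order:t])
            counts[prev][series[t]] += 1
    return {prev: (c[1] / (c[0] + c[1]), c[0] + c[1]) for prev, c in counts.items()}


def lag_dependence(histories):
    """For every observed two-release history (s_{t-2}, s_{t-1}), the gap
    |P(v_t | s_{t-2}, s_{t-1}) - P(v_t | s_{t-1})|: how much the second lag
    changes the prediction beyond what the most recent release explains."""
    p1 = conditional_probs(histories, 1)
    p2 = conditional_probs(histories, 2)
    return {(a, b): abs(p2[(a, b)][0] - p1[(b,)][0]) for (a, b) in p2}


def markov_deviation(histories):
    """Largest gap over all two-release histories. A value near zero means
    the extra lag adds nothing, i.e. the first-order Markov property is an
    adequate description of the release series (with this little sample
    data the gaps are large, which is the sample size speaking)."""
    return max(lag_dependence(histories).values())


if __name__ == "__main__":
    for prev, (p, n) in sorted(conditional_probs(SAMPLE_HISTORIES, 1).items()):
        print(f"P(vulnerable | previous={prev[0]}) = {p:.3f}  (n={n})")
    print("max deviation from first-order Markov:", round(markov_deviation(SAMPLE_HISTORIES), 3))
```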


