Dependency scanner: detecting security vulnerabilities in applications (Python)
Format: Final Year Project
Language: English
Published: 2017
Online Access: http://hdl.handle.net/10356/72851
Institution: Nanyang Technological University
Summary:
In software development, third-party libraries are routinely included in many applications. These libraries may contain well-known vulnerabilities, which are catalogued in the National Vulnerability Database (NVD). Such vulnerabilities become a source of major security exploits: using components with known vulnerabilities has been a factor in many of the security breaches seen today. Hence there is a motivation to develop an application that can scan for such vulnerabilities and inform the user, who can then make a better-informed decision on whether to keep using a library or replace it.

A survey of existing tools found that those currently on the market can only scan Java and JavaScript applications. Furthermore, the current dependency checkers are run from command-line scripts, which makes them less user-friendly for most people, since a user must know at least some command-line usage in order to scan for these libraries. Last but not least, scanning an application takes a considerable amount of time.

This project aims to reduce the time taken to scan such applications, extend the current tools so that they can scan Python applications, and develop a web application to ease the usage of such tools.

This paper discusses the tools used for development, the system design, the results achieved, and some recommendations for future projects.
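As an added illustration of the matching step the abstract describes (this is not the project's own code; the package names, record identifiers and version ranges are constructed for the example and describe no real vulnerability), the following Python scanner reads a requirements file, normalises package names, and checks each pinned version against a product-indexed set of NVD-style records:

```python
"""
Minimal dependency scanner in the style the abstract describes: read a Python
requirements file, look each pinned dependency up in a local index of
NVD-style vulnerability records, and report matches.

Added example; not the project's code. All package names, identifiers and
version ranges below are constructed for illustration and describe no real
vulnerability.
"""
import re
from collections import defaultdict

# Constructed sample input: a requirements.txt as a scanner would read it.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not from any real project
Alpha_Lib==2.5.1
betaweb>=1.8,<1.9
gammayaml==3.12
deltahttp==1.1.2   # pinned, no matching record
"""

# Constructed records with hypothetical identifiers. The range fields mirror
# the versionStartIncluding / versionEndExcluding fields of an NVD CPE match.
SAMPLE_RECORDS = [
    {"id": "EXAMPLE-0001", "product": "alpha-lib", "start_incl": "2.0.0", "end_excl": "2.6.0"},
    {"id": "EXAMPLE-0002", "product": "alpha-lib", "start_incl": "2.6.0", "end_excl": "2.7.1"},
    {"id": "EXAMPLE-0003", "product": "gammayaml", "start_incl": None, "end_excl": "4.1"},
    {"id": "EXAMPLE-0004", "product": "betaweb", "start_incl": "1.8", "end_excl": "1.8.5"},
]


def normalize_name(name):
    """PEP 503 normalisation: 'Alpha_Lib' and 'alpha-lib' must compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version):
    """Dotted numeric version -> 4-tuple of ints, so '2.6' == '2.6.0' and
    '2.5.1' < '2.6'. Pre-release tags are ignored by this toy parser."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:4]
    return tuple(parts + [0] * (4 - len(parts)))


def parse_requirements(text):
    """Return (normalised name, specifier) pairs; comments and blanks are skipped."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)", line)
        if not m:  # e.g. '-r other.txt' lines are out of scope here
            continue
        deps.append((normalize_name(m.group(1)), m.group(2).replace(" ", "")))
    return deps


def pinned_version(spec):
    """Return the exact version for an '==x.y.z' pin, else None: a range such
    as '>=1.8,<1.9' cannot be matched until the dependency is resolved."""
    if spec.startswith("==") and "," not in spec:
        return spec[2:]
    return None


def in_range(version, record):
    """True if version lies in [start_incl, end_excl) of the record."""
    v = parse_version(version)
    if record.get("start_incl") and v < parse_version(record["start_incl"]):
        return False
    if record.get("end_excl") and v >= parse_version(record["end_excl"]):
        return False
    return True


def index_records(records):
    """Bucket records by product so each dependency costs one dict lookup
    rather than a pass over the whole database; this is where scan time goes."""
    index = defaultdict(list)
    for rec in records:
        index[normalize_name(rec["product"])].append(rec)
    return index


def scan(requirements_text, records):
    """Return one finding per dependency: vulnerable, clean or unresolved."""
    index = index_records(records)
    findings = []
    for name, spec in parse_requirements(requirements_text):
        version = pinned_version(spec)
        if version is None:
            findings.append({"package": name, "spec": spec, "status": "unresolved", "ids": []})
            continue
        hits = [r["id"] for r in index.get(name, []) if in_range(version, r)]
        findings.append({"package": name, "spec": spec,
                         "status": "vulnerable" if hits else "clean", "ids": hits})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_REQUIREMENTS, SAMPLE_RECORDS):
        print(f"{f['package']:<12} {f['spec']:<14} {f['status']:<10} {', '.join(f['ids'])}")
```

Two caveats a practitioner would want: only exact pins can be matched, so a manifest with version ranges should be resolved first (a lockfile or `pip freeze` output) or the scanner will report those entries as unresolved rather than silently clean; and real NVD records key vulnerabilities by CPE match strings, so mapping a PyPI distribution name to the right CPE product is the part of a Python extension that needs the most care.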