Dependency scanner : detecting security vulnerabilities in applications (Python)
In software development, third party libraries are usually included as part of the development process of many applications. These libraries may contain well-known vulnerabilities which can be found in the National Vulnerabilities Database (NVD). These vulnerabilities will eventually be a source of...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/72851 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-72851 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-728512023-03-03T20:48:22Z Dependency scanner : detecting security vulnerabilities in applications (Python) Geh, Benjamin Ming Chang Ta Nguyen Binh Duong School of Computer Science and Engineering DRNTU::Engineering::Computer science and engineering In software development, third party libraries are usually included as part of the development process of many applications. These libraries may contain well-known vulnerabilities which can be found in the National Vulnerabilities Database (NVD). These vulnerabilities will eventually be a source of a lot of major security exploits. Using known vulnerable components has been the reason for most of the security breaches today. Hence, there is a motivation to develop an application which is able to scan for such vulnerabilities and inform the user which in turn allows him to make wiser decisions on whether to use such libraries or change the libraries used. After researching on such tools, the ones currently on the market is only able to scan for Java and JavaScript applications. Furthermore, the current dependency checkers run using command prompt scripts making it less user friendly for most people, as they have to know some command line scripts at the very least in order to scan for these libraries. Last but not least, it takes quite an amount of time to scan applications. This project aims to improve the efficiency of the time taken for scanning such applications, extending the current tools to enable it to scan for Python applications and also develop a web application to ease the usage of such tools. This paper will discuss about the tools used for development, the system designs, the data results achieved and also some recommendations for future projects. Bachelor of Engineering (Computer Science) 2017-11-30T01:00:06Z 2017-11-30T01:00:06Z 2017 Final Year Project (FYP) http://hdl.handle.net/10356/72851 en Nanyang Technological University 42 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
DRNTU::Engineering::Computer science and engineering |
| spellingShingle |
DRNTU::Engineering::Computer science and engineering Geh, Benjamin Ming Chang Dependency scanner : detecting security vulnerabilities in applications (Python) |
| description |
In software development, third party libraries are usually included as part of the development process of many applications. These libraries may contain well-known vulnerabilities which can be found in the National Vulnerabilities Database (NVD). These vulnerabilities will eventually be a source of a lot of major security exploits. Using known vulnerable components has been the reason for most of the security breaches today. Hence, there is a motivation to develop an application which is able to scan for such vulnerabilities and inform the user which in turn allows him to make wiser decisions on whether to use such libraries or change the libraries used.
After researching on such tools, the ones currently on the market is only able to scan for Java and JavaScript applications. Furthermore, the current dependency checkers run using command prompt scripts making it less user friendly for most people, as they have to know some command line scripts at the very least in order to scan for these libraries. Last but not least, it takes quite an amount of time to scan applications.
This project aims to improve the efficiency of the time taken for scanning such applications, extending the current tools to enable it to scan for Python applications and also develop a web application to ease the usage of such tools.
This paper will discuss about the tools used for development, the system designs, the data results achieved and also some recommendations for future projects. |
| author2 |
Ta Nguyen Binh Duong |
| author_facet |
Ta Nguyen Binh Duong Geh, Benjamin Ming Chang |
| format |
Final Year Project |
| author |
Geh, Benjamin Ming Chang |
| author_sort |
Geh, Benjamin Ming Chang |
| title |
Dependency scanner : detecting security vulnerabilities in applications (Python) |
| title_short |
Dependency scanner : detecting security vulnerabilities in applications (Python) |
| title_full |
Dependency scanner : detecting security vulnerabilities in applications (Python) |
| title_fullStr |
Dependency scanner : detecting security vulnerabilities in applications (Python) |
| title_full_unstemmed |
Dependency scanner : detecting security vulnerabilities in applications (Python) |
| title_sort |
dependency scanner : detecting security vulnerabilities in applications (python) |
| publishDate |
2017 |
| url |
http://hdl.handle.net/10356/72851 |
| _version_ |
1759857121047871488 |