Henzau/WEB-NMAP

WEB-NMAP

Internship research project on weaknesses in website APIs and packages

Project idea

Many websites and applications today are built on external APIs, libraries and third-party code that nobody has reviewed or even looked at. This has led to a great deal of website shutdowns when an API turned out to have a critical vulnerability, also called a CVE (Common Vulnerabilities and Exposures). One example is the PHP API that led to security breaches in many server-type websites: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703. To address this problem and raise awareness about the use of external code and APIs, I wish to develop a tool that analyzes a website, builds a list or map of every API and external call it uses, and then compares that list with the database of common vulnerabilities. The tool will also look for unused APIs that might create breaches on the website, and suggest replacing an API if a vulnerability is found. It will also look for unused functions in a library, so that only the functions actually used are imported and the website is relieved of many packages. In effect, the tool performs an audit of a website. Those are all my ideas; to sum up:

Objective: Create a tool in Python, which is my main programming language, that analyzes the code of a website or application in order to perform a security audit of that website or application.
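The inventory-and-compare step described above, as an added example that is not code from this repository: it lists the versioned third-party packages a page loads from other hosts and flags those below a fixed version. The host names, `examplelib`, `otherlib`, the advisory table and its placeholder id are all constructed; a real run would fill the table from a CVE feed.

```python
# Added example (not WEB-NMAP code); advisory data, hosts and package names are constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed advisory table: package -> (first fixed version, placeholder advisory id).
ADVISORIES = {"examplelib": ((3, 5, 0), "CVE-PLACEHOLDER-0001")}

# Constructed sample page, assumed to be served from www.example.test.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.example.test/examplelib/3.4.1/examplelib.min.js"></script>
<script src="https://cdn.example.test/otherlib@2.0.0/dist/otherlib.js"></script>
<script src="/static/app.js"></script>
<link rel="stylesheet" href="https://cdn.example.test/examplelib/3.4.1/theme.css">
</head></html>
"""

# Matches the ".../name/1.2.3/..." and ".../name@1.2.3/..." CDN path layouts.
VERSIONED = re.compile(r"/([A-Za-z][\w.-]*?)[/@](\d+)\.(\d+)\.(\d+)(?=/|$)")

class ExternalRefs(HTMLParser):
    """Collects URLs of scripts and stylesheets loaded from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.urls = site_host, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "script" else a.get("href") if tag == "link" else None
        host = urlparse(url or "").netloc  # empty for same-site relative URLs
        if host and host != self.site_host:
            self.urls.append(url)

def audit(html, site_host, advisories=ADVISORIES):
    """Returns (inventory, findings): packages seen, and those below a fixed version."""
    parser = ExternalRefs(site_host)
    parser.feed(html)
    inventory = set()  # a set, so a package referenced twice is listed once
    for url in parser.urls:
        m = VERSIONED.search(urlparse(url).path)
        if m:
            inventory.add((m.group(1).lower(), tuple(int(x) for x in m.groups()[1:])))
    findings = [(name, ver, advisories[name][1]) for name, ver in sorted(inventory)
                if name in advisories and ver < advisories[name][0]]
    return sorted(inventory), findings

if __name__ == "__main__":
    print(audit(SAMPLE_HTML, "www.example.test"))
```

External references whose URL carries no version are not inventoried here, so an empty findings list only covers the packages whose version could be read from the path.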

Environment

GitHub, Cython, C, Python, JS, CVE.

Research links

https://reqbin.com/
https://github.com/Kong/insomnia
https://deviniti.com/blog/software-engineering/how-to-audit-api-step-by-step/
https://www.cve.org
https://cve.mitre.org/

Tools

https://trello.com/b/tYD9ZQUJ/plannification
