SafePyScript: A Web-Based Solution for Machine Learning-Driven Vulnerability Detection in Python
- URL: http://arxiv.org/abs/2411.00636v1
- Date: Fri, 01 Nov 2024 14:49:33 GMT
- Title: SafePyScript: A Web-Based Solution for Machine Learning-Driven Vulnerability Detection in Python
- Authors: Talaya Farasat, Atiqullah Ahmadzai, Aleena Elsa George, Sayed Alisina Qaderi, Dusan Dordevic, Joachim Posegga
- Abstract summary: We present SafePyScript, a machine learning-based web application designed specifically to identify vulnerabilities in Python source code.
Despite Python's significance as a major programming language, there is currently no convenient and easy-to-use machine learning-based web application for detecting vulnerabilities in its source code.
- Abstract: Software vulnerabilities are a fundamental cause of cyber attacks. Effectively identifying these vulnerabilities is essential for robust cybersecurity, yet it remains a complex and challenging task. In this paper, we present SafePyScript, a machine learning-based web application designed specifically to identify vulnerabilities in Python source code. Despite Python's significance as a major programming language, there is currently no convenient and easy-to-use machine learning-based web application for detecting vulnerabilities in its source code. SafePyScript addresses this gap by providing an accessible solution for Python programmers to ensure the security of their applications. SafePyScript link: https://safepyscript.com/
Related papers
- An Empirical Study of Vulnerability Handling Times in CPython [0.2538209532048867]
The paper examines the handling times of software vulnerabilities in CPython.
The paper contributes to the recent effort to better understand security of the Python ecosystem.
arXiv Detail & Related papers (2024-11-01T08:46:14Z)
- Adding web pentesting functionality to PTHelper [0.4779196219827506]
This project is the direct continuation of the previous initiative called PThelper: An open source tool to support the Penetration Testing process.
This continuation is focused on expanding PThelper with the functionality to detect and later report web vulnerabilities.
arXiv Detail & Related papers (2024-10-16T10:05:56Z)
- Machine Learning Techniques for Python Source Code Vulnerability Detection [0.0]
We apply and compare different machine learning algorithms for source code vulnerability detection specifically for Python programming language.
Our Bidirectional Long Short-Term Memory (BiLSTM) model achieves a remarkable performance.
arXiv Detail & Related papers (2024-04-15T08:01:02Z)
- A Study of Vulnerability Repair in JavaScript Programs with Large Language Models [2.4622939109173885]
Large Language Models (LLMs) have demonstrated substantial advancements across multiple domains.
Our experiments on real-world software vulnerabilities show that while LLMs are promising in automatic program repair of JavaScript code, achieving a correct bug fix often requires an appropriate amount of context in the prompt.
arXiv Detail & Related papers (2024-03-19T23:04:03Z)
- Python Fuzzing for Trustworthy Machine Learning Frameworks [0.0]
We propose a dynamic analysis pipeline for Python projects using Sydr-Fuzz.
Our pipeline includes fuzzing, corpus minimization, crash triaging, and coverage collection.
To identify the most vulnerable parts of machine learning frameworks, we analyze their potential attack surfaces and develop fuzz targets for PyTorch, and related projects such as h5py.
arXiv Detail & Related papers (2024-03-19T13:41:11Z)
- CodeLMSec Benchmark: Systematically Evaluating and Finding Security Vulnerabilities in Black-Box Code Language Models [58.27254444280376]
Large language models (LLMs) for automatic code generation have achieved breakthroughs in several programming tasks.
Training data for these models is usually collected from the Internet (e.g., from open-source repositories) and is likely to contain faults and security vulnerabilities.
This unsanitized training data can cause the language models to learn these vulnerabilities and propagate them during the code generation procedure.
arXiv Detail & Related papers (2023-02-08T11:54:07Z)
- BackdoorBox: A Python Toolbox for Backdoor Learning [67.53987387581222]
This Python toolbox implements representative and advanced backdoor attacks and defenses.
It allows researchers and developers to easily implement and compare different methods on benchmark or their local datasets.
arXiv Detail & Related papers (2023-02-01T09:45:42Z)
- VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements [62.93814803258067]
This paper presents VELVET, a novel ensemble learning approach to locate vulnerable statements in source code.
Our model combines graph-based and sequence-based neural networks to successfully capture the local and global context of a program graph.
VELVET achieves 99.6% and 43.6% top-1 accuracy over synthetic data and real-world data, respectively.
arXiv Detail & Related papers (2021-12-20T22:45:27Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
- SafePILCO: a software tool for safe and data-efficient policy synthesis [67.17251247987187]
SafePILCO is a software tool for safe and data-efficient policy search with reinforcement learning.
It extends the known PILCO algorithm, originally written in Python, to support safe learning.
arXiv Detail & Related papers (2020-08-07T17:17:30Z)
- Autosploit: A Fully Automated Framework for Evaluating the Exploitability of Security Vulnerabilities [47.748732208602355]
Autosploit is an automated framework for evaluating the exploitability of vulnerabilities.
It automatically tests the exploits on different configurations of the environment.
It is able to identify the system properties that affect the ability to exploit a vulnerability in both noiseless and noisy environments.
arXiv Detail & Related papers (2020-06-30T18:49:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.