Development of a Workshop on Automated Search for Vulnerabilities in Program Complexes Written in Python Using SAST Methods

Student: Gaganova Darya

Faculty: HSE Tikhonov Moscow Institute of Electronics and Mathematics (MIEM HSE)

Educational Programme: Computer Systems and Networks (Master)

Year of Graduation: 2024

The purpose of this work is to search, research and analyze vulnerabilities using Static Application Security Testing (SAST) and Software Composition Analysis (SCA) methods aimed at improving software security by identifying, identifying, and classifying vulnerabilities. As a result of the work, a study of SAST and SCA tools was conducted, as well as the use of tools for static and structural analysis of the source code of Python programs. Based on the results of the work, the data obtained because of vulnerability analysis in real Python programs using selected tools, according to international vulnerability classification systems, was interpreted. In the course of the work, a workshop was formed on automated vulnerability detection in software packages written in Python.

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.

Search all student theses