《Snyk:Python安全洞察报告(英文版)(19页).pdf》由会员分享,可在线阅读,更多相关《Snyk:Python安全洞察报告(英文版)(19页).pdf(19页珍藏版)》请在三个皮匠报告上搜索。
1、Python security insightsSeptember 2021 tl;drIntroductionThe security footprint of a typical Python projectThe most common security issues in Python projectsDealing with vulnerabilities in Python containersVulnerability spotlight:ipaddressThe most commonly downloaded Python packagesThe most common vu
2、lnerable packages in Python projectsPackage spotlight:urllib3Fixing vulnerabilitiesKeep your code secureTackling known vulnerabilities Picking the right container imageConclusion34579101113141516171819Table of contents*tl;drPyPI stat?316,360 package?2,739,363 version release?4,595,611 package file?8
3、.3TB total size of packages on PyPIPython project?An average project has 35 dependencies with an almost 50/50 split between direct and indirect dependencie?An average vulnerable project consists of 33 known vulnerabilitiesSecurity takeawaysBad new?47%of Python projects contain known vulnerabilitie?3
4、3%of all known Python vulnerabilities are high and critical severity issue?In over 60%of Python projects,code related elements of OWASP Top 10 2021 list of issues can be found(e.g.Command Injection,XSS).Good new?You can eliminate 87%of known vulnerabilities by upgrading the vulnerable packag?Most co
5、ntainer vulnerabilities can be fixed using slimmer image?The most popular Python packages are healthy,receiving an average Snyk Advisor health score of 81%Python container?Over 1500 different Python image tags were pulled down from Docker in the last month alone?python:latest(AKA python:3.9),has 431
6、 pre-installed packages with 353 vulnerabilities?Most vulnerabilities can quickly be“fixed”by using slimmer images?python:slim(Debian-based)has only 94 packages and 78 vulnerabilitie?python:alpine has just 37 packages and 0 vulnerabilitiesData taken from the Snyk Intel Vulnerability Database,hundred