Pysa is an open source static analysis tool developed by Facebook to detect and prevent security issues in Python code. It is a security-focused tool that examines the code and analyzes how data flows through it.

Pysa is used to verify that Python code properly uses certain internal frameworks, which are designed to prevent access to or disclosure of user data based on privacy policies. Pysa also detects common web application security issues, such as XSS and SQL injection. As Zoncolan did for Hack code, Pysa helped develop the security efforts for Python applications, especially the core code that powers the Instagram servers.

Pysa was developed based on the experience gained with Zoncolan. It uses the same algorithms to perform static analysis and even shares some code with Zoncolan. Like Zoncolan, Pysa tracks data flows through a program. The user defines the sources (places where important data originates) as well as the sinks (places where data from a source should not end up).

For security applications, the most common types of sources are places where user-controlled data enters the application, such as Django's HttpRequest.GET dictionary. Pysa performs iterative rounds of analysis to build summaries that determine which functions return data from a source and which functions have parameters that eventually reach a sink. If Pysa finds that a source eventually connects to a sink, it reports a problem.
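
The iterative summary building described above can be sketched as a small fixed-point loop. This is an added example, not Pysa's code: the mini program, the stand-in names `request_GET`, `cursor_execute` and `format`, and the rule that a call's result carries the taint of all its arguments are assumptions made for illustration.

```python
# Toy interprocedural taint analysis (added example; not Pysa's implementation).
# Constructed program in a tiny IR: each call is (result_var, callee, [arg_vars]).
PROGRAM = {
    "get_user_input": {"params": [], "calls": [("v", "request_GET", [])], "ret": "v"},
    "build_query": {"params": ["name"], "calls": [("q", "format", ["name"])], "ret": "q"},
    "run": {"params": ["sql"], "calls": [(None, "cursor_execute", ["sql"])], "ret": None},
    "view": {"params": [], "calls": [("n", "get_user_input", []),
                                     ("q", "build_query", ["n"]),
                                     (None, "run", ["q"])], "ret": None},
}
SOURCES = {"request_GET"}        # hypothetical source: returns user-controlled data
SINKS = {"cursor_execute": {0}}  # hypothetical sink: callee -> sink parameter indexes

def analyze(program):
    # Summaries: does the function return source data, and which of its
    # parameters eventually reach a sink?
    returns_source = {f: False for f in program}
    sink_params = {f: set() for f in program}
    issues = set()
    changed = True
    while changed:  # repeat rounds until no summary changes (fixed point)
        changed = False
        for name, fn in program.items():
            tainted = set()  # local variables holding source data
            origin = {p: {i} for i, p in enumerate(fn["params"])}  # var -> param indexes
            for result, callee, args in fn["calls"]:
                callee_sinks = SINKS.get(callee) or sink_params.get(callee, set())
                for i, arg in enumerate(args):
                    if i in callee_sinks:
                        if arg in tainted:
                            issues.add((name, callee))  # source reaches sink here
                        new = origin.get(arg, set()) - sink_params[name]
                        if new:  # our own parameter reaches a sink via the callee
                            sink_params[name] |= new
                            changed = True
                if result is not None:
                    # Assumption: a result is tainted if any argument is.
                    if (callee in SOURCES or returns_source.get(callee)
                            or any(a in tainted for a in args)):
                        tainted.add(result)
                    origin[result] = set().union(*(origin.get(a, set()) for a in args))
            if fn["ret"] in tainted and not returns_source[name]:
                returns_source[name] = True
                changed = True
    return returns_source, sink_params, issues
```

Calling `analyze(PROGRAM)` reports the flow in `view`, where data returned by `get_user_input` reaches the sink parameter of `run`, even though neither the source nor the sink is called directly in `view`.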

Source: engineering.fb.com
