Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://python-security.readthedocs.io/packages.html below:

Packages and PyPI — Python Security 0.0 documentation

• https://github.com/pyupio/safety-db and https://pyup.io/

• safety package: Safety checks your installed dependencies for known security vulnerabilities.

• Verifying PyPI and Conda Packages by Stuart Mumford (2016-06-21)

• Sign a package using GPG and Twine

• pip: Implement “hook” support for package signature verification

• PEP 458 – Surviving a Compromise of PyPI (27-Sep-2013)

• PEP 480 – Surviving a Compromise of PyPI: The Maximum Security Model (8-Oct-2014)

• Making PyPI security independent of SSL/TLS by Nick Coghlan

• Index Vulnerability: Unchecked File Deletion
• PyPI credential exposure on GitHub
• Authentication Flaws in 2FA and API Tokens
• Upload endpoint CSRF vulnerability
• Unintended Deployments to PyPI Servers
• Vulnerability in Legacy Document Deletion on PyPI
• Vulnerability in GitHub Actions workflow for PyPI
• Vulnerability in Role Deletion on PyPI
• Account Takeover and Malicious Replacement of ctx Project

• Typosquatting programming language package managers by Nikolai Tschacher (8 June, 2016)

• LWN: Typosquatting in package repositories (July 20, 2016)

• Building a botnet on PyPi by Steve Stagg (May 19, 2017)

• warehouse bug (pypi.org): Block package names that conflict with core libraries (reported at June 28, 2017)

• 2017-09-09: skcsirt-sa-20170909-pypi-malicious-code advisory

fate0:

• 2017-05-27 04:38 - 2017-05-31 12:24 (5 days): 10,685 downloads

• May-June, 2017

• https://mail.python.org/pipermail/distutils-sig/2017-June/030592.html

• http://blog.fatezero.org/2017/06/01/package-fishing/

• https://github.com/pypa/pypi-legacy/issues/644

• http://evilpackage.fatezero.org/

• https://github.com/fate0/cookiecutter-evilpy-package

• Packages (this list needs to be validated):

  • caffe

  • ffmpeg

  • ftp

  • git

  • hbase

  • memcached

  • mkl

  • mongodb

  • opencv

  • openssl

  • phantomjs

  • proxy

  • pygpu

  • python-dev

  • rabbitmq

  • requirement.txt

  • requirements.txt

  • rrequirements.txt

  • samba

  • shadowsock

  • smb

  • tkinter

  • vtk

  • youtube-dl

  • zookeeper

  • ztz

  • …

Example of typos:

• urllib, urllib2: part of the standard library

• urlib3 instead of urllib3

• The Update Framework (TUF): Like the S in HTTPS, a plug-and-play library for securing a software updater.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4