04.12 16:30 - 17:30 USI East Campus, Room D0.03
Abstract: Application programming interfaces (APIs) enable Web services to interact and exchange information securely. The growing prevalence of malicious packages in software repositories has heightened efforts to identify malware in software dependencies, posing critical challenges for Web API developers and security teams. In this talk, we explore the dependency landscape of Web Service APIs by examining a curated collection of open-source GitHub repositories across five major programming languages. We study the historical evolution of dependencies throughout the commit history of each repository, tracking the total number of dependencies as well as the prevalence and persistence of deprecated, unofficial, and vulnerable packages over time. We provide a quantitative assessment of their usage and explore how it relates to the security components of the repositories' OpenAPI descriptions.
Chair: Alessandro Giagnorio
Diana Carolina Muñoz Hurtado
Università della Svizzera italiana
I am a Ph.D. student in the DESIGN (Architecture, Design and Web Information Systems Engineering) research group at the Software Institute, USI, Lugano, supervised by Prof. Dr. Cesare Pautasso. In 2022 I received my Master's degree in Software Engineering from the Pontificia Universidad Javeriana in Colombia. I worked for 4 years as a Technical Consultant at ACI Worldwide. My current research focuses on security practices in web service APIs, applying mining and historical analysis techniques to study the evolution and risks of dependencies (vulnerable, obsolete, and unofficial packages) throughout the entire commit history of GitHub repositories, and how the security schemes documented in OpenAPI specifications correlate with different patterns of dependency usage and exposure to vulnerabilities in real-world APIs.