Automatic Notification and Execution of Security Updates in the Django Web Framework

Abstract

Frameworks are actively used today as a tool to simplify development processes and to create secure and robust tailor made solutions. Using frameworks as the foundation when developing web solutions reduce the time it takes to go from an idea to a finished product, meanwhile allowing the framework to handle potential log-in processes. Problems occur if a security breach is identified in such a framework. If the flawed framework is utilized by multiple websites, these users will be vulnerable to malware or malicious actions by third parties. If the update process for the framework is simplified, it would mean an increase in the update rate by any admin.

In this thesis, research by interviews and observations have been made to identify possible improvements in the update process of the Python-based framework Django. Since 2010, more than 50 holes in the security of this framework have been discovered. Due to a complicated update process, there is reason to assume that there are multiple users on the web today with vulnerable versions of the framework. Therefore, in the work on this thesis, a tool that can be installed on existing Django-applications has been developed and tested. This tool will alert an admin if the current version of the framework is outdated. The tool includes a user interface to help the administrator installing any updates and uncover potential risks by installing the newest version of the framework.