Python Popular With Hackers
Written by Janet Swift   
Wednesday, 03 October 2018

The latest news of Python's popularity comes from a cyber security software and services company which provides protection to enterprise data and application software. Imperva reports that around 77 percent of all the sites it protects have been attacked by at least one Python-based tool.


Python's popularity is a recurring theme on I Programmer, and if you want a reminder or recap, see Python - The Future Of Programming? and Python's Unstoppable Rise.

Now the Imperva threat research team has investigated how popular Python is among "bad actors". Looking first at GitHub, Johnathan Azaria, Ori Nakar and Edi Kogan estimated that:

more than 20% of GitHub repositories that implement an attack tool / exploit PoC are written in Python.

Turning to its own data, specifically security incidents but excluding vulnerability scanners, the Imperva team found that the largest group of clients identified (25%) was based on Python, making it the most common vector for launching exploit attempts.



Examining the use of Python in daily attacks against the sites it protects over a period of 80 days, Imperva found that up to 77% of them were attacked by a Python-based tool.

The researchers noted that the two most popular Python modules used for web attacks are Python Requests (89%) and Urllib (11%). They comment:

Use of the new module, Async IO, is just kicking off, which makes perfect sense when you consider the vast possibilities the library offers in the field of layer 7 DDoS; especially when using a “Spray N’ Pray” technique.

Noting that the number of CVEs (Common Vulnerabilities and Exposures) has increased steeply since 2013, the researchers comment:

The advantages of Python as a coding language make it a popular tool for implementing known exploits. 

Looking for the most popular targets for exploits, they found that attacks aimed at Struts, Joomla, WordPress and Drupal were the most common.

In terms of how to respond, the advice from Imperva is:

Unless you can differentiate between requests from Python-based tools and any other tool ... make sure to keep security in mind when developing, keep your system up to date with patches, and refrain from any practice that is considered insecure.
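
As an added example (not code from Imperva or from this article), the sketch below shows one way to separate requests sent by the two modules named above, Requests and Urllib, from other traffic in a web server access log by matching their default User-Agent strings. The log lines are constructed and the names `classify_user_agent` and `summarize` are hypothetical. A client can set any User-Agent it likes, so the counts are a lower bound on Python-based traffic.

```python
import re
from collections import Counter, defaultdict

# Default User-Agent prefixes of the two modules the article names.
# The header is client-controlled, so a match is a lower bound, not proof.
PYTHON_UA = {
    "requests": re.compile(r"python-requests/[\d.]+", re.I),
    "urllib": re.compile(r"python-urllib/[\d.]+", re.I),
}

# Combined Log Format: ip ident user [time] "request" status size "referer" "ua"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field, tolerating backslash-escaped quotes
LOG_RE = re.compile(rf'^(\S+) \S+ \S+ \[[^\]]+\] {QUOTED} (\d{{3}}) \S+ {QUOTED} {QUOTED}$')

def classify_user_agent(ua):
    """Return 'requests', 'urllib', or None for any other client."""
    for library, pattern in PYTHON_UA.items():
        if pattern.match(ua):
            return library
    return None

def summarize(lines):
    """Tally parsed requests by Python library and by client address."""
    by_library, by_client = Counter(), defaultdict(Counter)
    parsed = skipped = 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            skipped += 1  # malformed line: count it, never guess its fields
            continue
        parsed += 1
        library = classify_user_agent(m.group(5))  # group 5 is the User-Agent
        if library:
            by_library[library] += 1
            by_client[m.group(1)][library] += 1    # group 1 is the client IP
    share = sum(by_library.values()) / parsed if parsed else 0.0
    return {"parsed": parsed, "skipped": skipped, "python_share": share,
            "by_library": dict(by_library),
            "by_client": {ip: dict(c) for ip, c in by_client.items()}}

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Oct/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [03/Oct/2018:10:00:02 +0000] "GET /login HTTP/1.1" 200 812 "-" "python-requests/2.19.1"',
    '198.51.100.7 - - [03/Oct/2018:10:00:03 +0000] "POST /login HTTP/1.1" 403 199 "-" "python-requests/2.19.1"',
    '203.0.113.5 - - [03/Oct/2018:10:00:04 +0000] "GET /feed HTTP/1.1" 200 2048 "-" "Python-urllib/3.6"',
    'this line is not in combined log format',
]
print(summarize(SAMPLE_LOG))
```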


More Information

The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice


Last Updated ( Wednesday, 03 October 2018 )