Meerkat
Aller à la navigation
Aller à la recherche
Meerkat: Security audit tool for Django websites
Team
- Developpers: Timothée Mazzucotelli, Pierre Parrend
- Product owner: Florent Colin
Challenges
- Objective for the end-user: assert a certain level of maturity and security of the application, detect and traceback abnormal behaviors
- Scientific objective: implement and experiment new ways, as well as classic ways of achieving security audit
Features
- Fully Django admin integrated interface, as an extension of Django-Suit
- Server log analysis: past logs statistics and real-time metrics, including detection of potential attacks
- Application architecture and code analysis: dependencies, code health and more as Design Structure Matrices
- Permission system analysis: users permissions as DSM and action history
- OpenSAMM based audit sheets: security assessment and conformity, project wide
Implementation
- Meerkat is divided in sections, one for each feature previously cited.
Then each section is divided into modules. For example, the log analysis feature is composed of models (db tables), log parsers, statistics functions, static data, charts definitions, views (functions called according to query's URL), and views contents. Each section also have templates (HTML/CSS/JavaScript code) to render the views contents.
- Meerkat is implemented in Python, as a Django app. It has several dependencies:
django-suit-dashboard, dependenpy, archan, and of course, Django itself. As allowed by django-suit-dashboard, Meerkat uses Highcharts charting library to render information in interactive charts.
Download
- Installation: pip install django-meerkat
- Sources: https://github.com/Pawamoy/django-meerkat
Publications
- F. Colin , T. Mazzucotelli, P. Parrend, A. Deruyver, J. Mandel, GenIDA: a social network and database to inform on natural history of monogenic forms of intellectual disability and autism, European Human Genetics Conference, Bristol, United Kingdom, European Society of Human Genetics (Eds.), June 2015