Bioinformatics is a subject that focuses on developing methods and software tools, especially web applications, to analyze, understand and utilize biological data. This scientific field attracts large research interest and has been developed rapidly in most aspects but not on security. The lack of security awareness of researchers and insufficient maintenance are the main reasons for security vulnerabilities of bioinformatics web application, such as SQL injection, XSS and file leakage, etc. In the paper, we perform security analysis for website URLs extracted from PubMed abstracts, which contains more than 20,000 URLs. The analysis includes server version CVE matching, HTTPS security evaluation, git leakage detection, and small-scale manual penetration testing. The result shows that the most commonly used server version is outdated and vulnerable. Particularly, only one-fourth HTTPS domains are secure based on our testing, which only count for 7.6% in the entire testing websites. Discovered vulnerabilities are reported to website manager by email and we receive positive feedbacks.
[1]
Mark Johnson,et al.
NCBI BLAST: a better web interface
,
2008,
Nucleic Acids Res..
[2]
Yincong Zhou,et al.
DaTo: an atlas of biological databases and tools
,
2016,
Journal of integrative bioinformatics.
[3]
Li Tong,et al.
DaTo: an atlas of biological databases and tools
,
2016,
J. Integr. Bioinform..
[4]
Michael Backes,et al.
Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
,
2018,
NDSS.