Making Machines think about security for fun and profit presented at Nullcon 2016

by Rahul Sasi,

Summary : It is obvious and clear that traditional web application security scanners are incapable of finding logical security bugs. And as more cloud[API] based applications come onto the internet , we need smarter and intelligent tools to scale . Security automation is important and it is high time that we figure out a solution for automated scanning of logical bugs. Our talk would be on one innovative way to solve this problem using machine learning.
In this talk I will demonstrate and educate users how they can build tools that could detect logical security bugs by using machine learning as a key ingredient. Modern application are build on top of APIs and the biggest security issue faced are logical bugs for example weak authorization issues . This presentation will discuss how principles of various Machine learning algorithms can be applied to make security tools more aware of the application its scanning, there by making it detect logical security issues . We will have many cool demonstrations, where bugs that are only possible to be detected by a human analyst get's uncovered by our ML programs. The talk is structured for application/cloud security enthusiast.