Rahul Sasi

CTO, CloudSek (INDIA)

Paper Title

Making Machines think about security for fun and profit

Abstract

Traditional web application security scanners are clearly incapable of finding logical security bugs. As more cloud (API) based applications come onto the internet, we need smarter, more intelligent tools that scale. Security automation is important, and it is high time that we figured out a solution for automated scanning of logical bugs. Our talk is about one innovative way to solve this problem using machine learning.

In this talk I will demonstrate and teach how users can build tools that detect logical security bugs by using machine learning as a key ingredient. Modern applications are built on top of APIs, and the biggest security issues they face are logical bugs, for example weak authorization issues. This presentation will discuss how principles of various machine learning algorithms can be applied to make security tools more aware of the application they are scanning, thereby making them detect logical security issues. We will have many cool demonstrations, where bugs that can otherwise only be detected by a human analyst get uncovered by our ML programs. The talk is structured for application/cloud security enthusiasts.

Speaker Bio

Rahul has over 7 years of experience in security, research and product development. He has authored multiple security tools, advisories and articles. He has been invited to speak at various security conferences like HITB (AMS 2012, 2013, 2014), HITB (KL 2014), BlackHat (EU, US 2012, 2013), Ekoparty (Ar 2013, 2015), CanSecWest (Ca 2013), HITCON (2013), Cocon (2011-2014) and Nullcon (2011-2015). He is the founder and CTO of CloudSek, a machine learning based threat detection technology. Prior to founding CloudSek he was a Sr Engineer at Citrix, where he held the responsibility of making Citrix products hack proof.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved