Bharadwaj Machiraju

Application Security Engineer at Yodlee Pvt. Ltd.

Talk Title

Tale of training a Web Terminator!

Abstract

Machine learning is already used extensively in a defensive role, so how it can be applied to offensive testing is an option worth looking at. Current security tools lack the context of the application they are testing, considering that machines are at a stage of captioning images like humans. Can better tools be built with the help of recent advancements in ML? The answer is a resounding YES!!

This talk would cover:

  • Introduction to supervised and unsupervised variants of machine learning, along with an application security perspective on these algorithms.
  • A prototype application scanner which can:
      • Spider more effectively than conventional crawlers using different methods of supervised and unsupervised learning.
      • Understand the feedback provided by the application.
      • Fuzz according to the application and its inputs by using its previously learnt knowledge.
  • Failures that occurred during the construction of the scanner.
  • A bit of math (nothing lethal)!!

The aim of this talk is to remove the perception that machine learning is rocket science and enable attendees to either contribute or start building their own intelligent scanner.

Speaker Bio

Bharadwaj Machiraju is project leader for OWASP OWTF. He is mostly found either building a web appsec tool or hunting bugs for fame (hackerone.com/tunnelshade). All tools are available at github.com/tunnelshade and all ramblings at blog.tunnelshade.in. He has spoken at a few conferences, notably Brucon, Pycon India, etc. Apart from information security, he is interested in sleeping, mnemonic techniques & machine learning.

Copyright © 2018-19 | Nullcon India | International Security Conference | All Rights Reserved