Hackers of India

Tale of training a Web Terminator!

By Bharadwaj Machiraju on 03 Mar 2017 @ Nullcon

Abstract

Machine learning is already used extensively in a defensive role, so how it can be applied to offensive testing is an option worth looking at. Current security tools lack the context of the application they are testing, considering that machines are at a stage of captioning images like humans. Can better tools be built with the help of recent advancements in ML? The answer is a resounding YES!!

This talk would cover: an introduction to supervised and unsupervised variants of machine learning, along with an application security perspective on these algorithms; a prototype application scanner which can spider more effectively than conventional crawlers using different methods of supervised and unsupervised learning, understand the feedback provided by the application, and fuzz according to the application and its inputs by using its previously learnt knowledge; failures that occurred during the construction of the scanner; and a bit of math (nothing lethal)!!

The aim of this talk is to remove the perception that machine learning is rocket science and to enable attendees to either contribute to or start building their own intelligent scanner.