How Machine Learning Helps With Web App Security
The percentage of data breaches that used web application attacks has grown rapidly. A new report recommends machine learning tech for web app security testing.
In Q4 2016, the number of web application attacks grew more than 12% globally. The U.S. remained the most attacked country, with a 72% increase from Q3 2016 to Q4 2016.
Hackers exploit web applications because they are usually deployed by users, rather than IT, and are a perfect entry point for accessing a company’s backend systems.
Level I is based on traditional linear software analysis that can be optimized to quickly detect a long list of vulnerabilities. Although this analysis is fast and can run daily, it produces many false positives.
Level II is based on machine learning and provides a deeper analysis to better detect vulnerabilities and reduce false positives. It optimizes the list of vulnerabilities and threats and supports final human interaction.
Level III is based on human-augmented analysis. An auditor will finalize the report based on expertise and analysis.
By using machine learning, the testing company can create a third layer of expertise so it can better detect potential threats in real time.
The quality of the report can be measured by the ratio between the time it takes to generate the report and the accuracy of its information. It is easy to generate an analysis that raises red flags for deeper human analysis.
The false-positive rate is higher when human intelligence is used to classify threats and when the final report is not delivered quickly. Machine learning technologies can deliver both speed and quality.
The scan and analysis flexibility will affect both the cost and quality of web app security testing. When software performs the analysis, it reduces the cost and improves the scalability and quality of the analysis.
Machine learning combined with human augmentation provides a good mix of scalability, quality and cost. Machine learning can perform robust vulnerability detection in which the entire flaw is tested.
Machine learning can reduce the amount of time humans spend on tasks and processes, thereby reducing overall costs.