How Machine Learning Helps With Web App Security
The percentage of data breaches that used web application attacks has grown rapidly. A new report recommends machine learning tech for web app security testing.
U.S. Web Apps Are Top Target
In Q4 2016, the number of web application attacks grew more than 12% globally. The U.S. remained the most attacked country, with a 72% increase from Q3 2016 to Q4 2016.
Why Hackers Target Web Apps
Hackers exploit web applications because they are usually deployed by users, rather than IT, and are a perfect entry point for accessing a company's backend systems.
First Level of Expertise to Detect Threats
Level I is based on traditional linear software analysis that can be optimized to quickly detect a long list of vulnerabilities. Even when the analysis is fast and run daily, it produces many false positives.
Second Level of Expertise to Detect Threats
Level II is based on machine learning and provides a deeper analysis to better detect vulnerabilities and reduce false positives. It optimizes the list of vulnerabilities and threats and supports final human interaction.
Third Level of Expertise to Detect Threats
Level III is based on human-augmented analysis. An auditor will finalize the report based on expertise and analysis.
Machine Learning Strengthens Security Testing
By using machine learning, the testing company can create a third layer of expertise so it can better detect potential threats in real time.
Ratio Between Time and Accuracy
The quality of the report can be measured by the ratio between the time the report is generated and the accuracy of the information. It is easy to generate an analysis that raises red flags for deeper human analysis.
Dealing With False Positives
The false-positive rate is higher when human intelligence is used to classify threats and when the final report is not delivered quickly. Machine learning technologies can deliver both speed and quality.
Scan and Analysis Flexibility
The scan and analysis flexibility will affect both the cost and quality of web app security testing. When software performs the analysis, it reduces the cost and improves the scalability and quality of the analysis.
Link Machine Learning With Human Intelligence
Machine learning combined with human augmentation provides a good mix of scalability, quality and cost. Machine learning can perform robust vulnerability detection where the entire flaw is tested.
Machine Learning Can Help Keep Costs Down
Machine learning can reduce the amount of time humans spend on tasks and processes, thereby reducing overall costs.
The cyber-security industry will grow from $102 billion in 2015 to $155 billion in 2020, with a compound annual growth rate of 52 percent, according to Frost & Sullivan. But in its report, "How Machine Learning Will Strengthen the Web Application Security Testing Market," the think tank also points to a different trend when it comes to web application attacks: insecure web applications cause the most data breaches. Quoting Verizon's "Data Breach Investigation Report (DBIR) for 2016," Frost & Sullivan noted that "Although attacks on web applications account for only 8 percent of overall reported incidents (whether they were successful or not), attacks on web applications accounted for over 40 percent of incidents resulting in a data breach, and were the single-biggest source of data loss." Furthermore, the percentage of data breaches that leveraged web application attacks increased rapidly, from 7 percent in 2015 to 40 percent in 2016. In the face of this trend, Frost & Sullivan's report recommends machine learning technology for web application security testing.