Kill All Humans - Bugs - Machine Learning to the Rescue of Code Review
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore machine learning techniques for enhancing code review and static analysis in this 51-minute conference talk from 44CON 2018. Discover how supervised learning algorithms can be applied to automatically triage and classify vulnerabilities like SQL injection and Cross-Site Scripting, reducing false positives and human fatigue in large-scale applications. Learn about the effectiveness of various attributes used in classification, including location, data flow sources, API, and dynamic expressions. Gain insights into the open-source "Find Security Bugs ML" tools for building enriched datasets and classifying findings. Witness demonstrations of large-scale vulnerability scanning with prioritized issue presentation and classification verification. Uncover how these techniques led to the discovery of 0-day vulnerabilities in Java libraries, including the Spring Framework, and learn how to apply similar methods to enterprise applications and third-party libraries, even without source code access.
Syllabus
Kill All Humans... Bugs! - Philippe Arteau at 44CON 2018
Taught by
44CON Information Security Conference