Devil in the Haystack - Application Security Through Statistical Analysis and Machine Learning

Explore application security techniques using statistics and machine learning in this conference talk from OWASP AppSec California 2015. Discover how Salesforce.com implements in-depth defense strategies within their applications, going beyond perimeter defenses. Learn about data-driven statistical approaches built with online learning methodologies and adaptive behavior modeling techniques that require minimal configuration and supervision. Understand how this research differs from traditional intrusion detection systems by inspecting transactions in the context of application semantics, user interactions, and enhanced user information. Gain insights into adaptive behavior-based detection methods, including fraud detection in multi-step business processes and alerting on abnormal in-app activities. Hear about the speaker's experience with big data technologies from the Apache Hadoop ecosystem, particularly Apache Spark, as enabling technologies for in-depth app platform threat detection.