Big Data Days 2021

Online Edition

September 28-30

Online

Jameel Nabbo

Cybersecurity Researcher

The Netherlands

Biography

Jameel has been a cybersecurity researcher for over 12 years; he has contributed to the InfoSec community over the last decade, developed open-source compilers and reported many zero-day vulnerabilities. Currently, he is leading the red team for one of the biggest consulting firms in the market globally.

Talk

Neural Networks on the Source Code

Researching for years to create a programming language processor that can analyse source code without executing it and find vulnerabilities may sound like a crazy task, as it's one of the most difficult problems to solve in computer science.

Over the years, Jameel went deep into programming language design and implementation, creating compilers and static code analyzers. In this research, you will see how machine learning and neural networks can be used on the source code itself to find security flaws in non-compiled code, without actually executing or building it.

The goal of this research is to take source code analysis and vulnerability finding to the next level, as (all) the solutions in the market produce many false positives when processing source code and require a (huge) budget for even a basic subscription, because these tools are complicated to develop.

The open-source tools only catch the low-hanging-fruit vulnerabilities in the source code, and they are built from regular expressions, even though regex is not designed to parse programming languages. https://offensive360.com/

Keywords

ML on Source Code
Static Code Analysis
Compilers
