#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolutionizing Security Testing with AI" at #ATAGTR2023. #ATAGTR2023 was the 8th Edition of Global Testing Retreat. To know more about #ATAGTR2023, please visit: https://gtr.agiletestingalliance.org/

1. G lobal T esting Retreat
#ATAGTR2023
R E V O L U T I O N I Z I N G S E C U R I T Y
T E S T I N G W I T H A I
Chidambaram Vetrivel
Venkatesh Belde
Dentsu World Services
Global Testing Retreat
#ATAGTR2023

2. G lobal T esting Retreat
#ATAGTR2023
G lobal T esting Retreat
#ATAGTR2023
Handling Missed Vulnerabilities :
• Most common vulnerabilities which are not covered by the automated security scans
and can be detected as part of Manual Security Checklist test
• We can ensure the application/business logic can't be modified or changed
• No way to bypass Front-end validation logic
• It ensures any parameters are not allowed to be modified on client side
• Sensitive Data Exposure covers major threats like 1. Confidentiality Breach, 2.
Integrity Breach & 3. Availability Breach is also handled under the checklist

3. G lobal T esting Retreat
#ATAGTR2023
G lobal T esting Retreat
#ATAGTR2023
There is no way to bypass application logic or frontend validation in a malicious way
Examples:
• Getting more loyalty points than presented in the UI by tampering with the request
URL/form parameter
• Adding more than the allowed product samples by resubmitting the request or
tampering with parameters
Voucher/coupon entry - you can't enumerate codes - they are sequential, and they are
complex enough or there is bot protection
Sensitive personal data (email address, names, addresses, postcodes, etc.) is not:
• Being accidentally sent to third parties (e.g., analytics) - only if needed for something
• Stored in cookies - as cookies are sent with request headers (in contrast to local
Storage)
• request URLs
• network responses (how to search in all network requests)
• cookies

4. G lobal T esting Retreat
#ATAGTR2023
G lobal T esting Retreat
#ATAGTR2023
Machine Learning Algorithm in Security Testing:
• We are using “Process Based Approach” and “Prevention-based techniques” to
design the model for ML
• ML Model uses anomaly detection and scope analysis for security advancement
• Model uses Intrusion detection and hence identifying the vulnerabilities becomes easy
• Model updates the pattern matching to simulate realistic attacks and evaluate the
defense mechanism more effectively and efficiently
• Model designed to continuously to update the scenarios based on the new
vulnerabilities
• Model powered with AI Security testing that involves threat intelligence

5. G lobal T esting Retreat
#ATAGTR2023
G lobal T esting Retreat
#ATAGTR2023
Machine Learning Algorithm in Security Testing:
• In Security ML continuously learns by analyzing data to find patterns to detect the
vulnerabilities and protect data by uncovering suspicious user behavior
• We keep adding different set of patterns that we observed over the years to the ML
model
• The model process the input data to make predictions or Identifying a pattern without
programming explicitly
• We are using “Supervised Machine Learning” - as it use a labeled datasets to train
the Model (Algorithm) to classify data and predict outcomes accurately

6. G lobal T esting Retreat
#ATAGTR2023
G lobal T esting Retreat
#ATAGTR2023
R I S K R A T I N G M E T H O D O L O G Y M A T R I X :

7. G lobal T esting Retreat
#ATAGTR2023
G lobal T esting Retreat
#ATAGTR2023
THANK YOU