1

Technical Expertise
PERSONAL PROFILE
ACHIEVEMENTS
EDUCATION
HOBBIES
CONTACT INFO
.
Master of Technology @IIT Kanpur 2017
Bachelor of Technology @IIT Kanpur 2016
Research Intern @University of Tokyo 2015
LinkedIn: Sagar Bhure
email: sagar.bhure@owasp.org
Website: www.sagarbhure.com
Aerial photography
Travel and Culture
and many more ….
SAGAR BHURE
“You are an essential ingredient in our ongoing effort to
reduce Security Risk” ― Kirsten Manthorne
Layer 7 Protocol (DNS, HTTP …)
Cryptography in Network security
Android Application Security
Computer Vision, Artificial Intelligence
MERN, RPA, HW Security …
Two filed patent @USPTO
Project Leader at OWASP MLSVS
Former Linux Foundation Scholar
OWASP CFP/CPT Reviewer
$whoami

Overview of ML,
API Security Threat
ML for API Security
Demo
Best Practices
Q&A
Disclaimer: Opinions expressed in the following slides are solely based on opinion and does not simulate real world
Presenter – Sagar Bhure
3

ML Overview
4

ML Overview, Why ML?

Traditional API Security

Adding ML to API Security

Type of API Security Threat
8
• Bot attacks targeting APIs
Bot Attack
•Injection attacks such as SQL injection and cross-site
scripting(xss)
Injection attacks
•Authentication attacks such as brute-force & credential stuffing
Authentication Attack
•API-specific attacks such as scraping and abuse
API Specific Attack
•Breaches of data privacy and confidentiality
Data privacy and
confidentiality

Applying ML to API Security
9

DEMO
Good Queries Bad Queries
Disclaimer: The Demo in this slide is just for proof-of concept
and does not imply real world use case
10

DEMO - Code Overview
11

Best Practices – ML for APISEC
12

Journals & Books
13