AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Thursday, January 23 • 3:00pm - 3:50pm
Achieve AI-powered API Privacy using Open Source

I’ll begin with a brief survey of today’s privacy landscape: how it affects the software development industry now, and how it might in the future. Of particular interest are requirements imposed by recent regulations like GDPR and the CCPA, which require all processors of data to pay more attention to how they treat, store, and disseminate customers’ sensitive personal data.

Next, I’ll introduce the Privacy-by-Design (PbD) approach. With PbD, we hope to “shift privacy to the left” in the software development life cycle, similar to what the DevSecOps philosophy does for security.

I’ll explore the challenges that organizations face in the new regulation-heavy climate, particularly in terms of taking into account privacy concerns in legacy software, which may have been written before privacy regulations became a significant factor.

Moving on, I’ll share what AI, more specifically Deep Neural Networks, can bring to the table in terms of assisting with a thorough review of the applications to make sure that they do not harbor privacy risks. Likewise, for all new developments, I’ll explore how AI can be harnessed to help ensure that privacy principles are successfully implemented.

I’ll then explore a reference application, specifically the dataflows through which sensitive data might leak in ways not allowed by a privacy policy defined in a compliance context.

Next, I will introduce an open source project (PrivAPI) that uses deep learning, mainly on top of Keras and TensorFlow, to detect sensitive data leakages, specifically within RESTful API communication. I’ll drill down on PrivAPI’s core architecture and design principles, as well as the use cases that it supports. I’ll explain how it can be integrated into the SDLC, as well as in production environments.

Finally, I’ll provide a live demo of PrivAPI (https://github.com/veridax/privapi), covering its detection capabilities with real-world API communication.

Gianluca Brigandi

Security and Privacy Researcher, Atricore Inc.
Gianluca Brigandi is a developer, security researcher, entrepreneur and open source contributor. His work in the past 15 years has revolved around delivering products at the intersections of privacy, application and container security, Identity & Access Management and AI. Gianluca...

Thursday January 23, 2020 3:00pm - 3:50pm PST
Terrace Lounge