OWASP - User contributions [en]

OWASP Top 5 Machine Learning Risks

2018-08-28T19:50:47Z

Talal Albacha: seba added as co-leader

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Project News ==
June 2018: <br />
* Project was discussed in Open Security Summit 2018 with wider team. https://open-security-summit.org/tracks/owasp-projects/working-sessions/owasp-top-5-machine-learning-risks/. stay tuned for outcomes.
* The first draft document is now available on Github https://github.com/OWASP/Top-5-Machine-Learning-Risks/
* Please raise issues in github for any comments or suggestions

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:https://www.owasp.org/images/c/cc/Machine_Learning_for_Application_Security_Professionals.pdf|thumb]]

== Quick Download ==
TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* Project Co-leader : [[User: Sdeleersnyder|Sebastien Deleersnyder]]
* [Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* Sereysethy Touch
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version (https://github.com/OWASP/Top-5-Machine-Learning-Risks/)
* Community responses
* Validate in AppSec conference
* Release final list for the year.

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-06-30T17:39:24Z

Talal Albacha: adding Seba

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Project News ==
June 2018: <br />
* Project was discussed in Open Security Summit 2018 with wider team. https://open-security-summit.org/tracks/owasp-projects/working-sessions/owasp-top-5-machine-learning-risks/. stay tuned for outcomes.
* The first draft document is now available on Github https://github.com/OWASP/Top-5-Machine-Learning-Risks/
* Please raise issues in github for any comments or suggestions

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:https://www.owasp.org/images/c/cc/Machine_Learning_for_Application_Security_Professionals.pdf|thumb]]

== Quick Download ==
TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* Sereysethy Touch
* [https://www.owasp.org/index.php/User:Sdeleersnyder Seba Deleersnyder]
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version (https://github.com/OWASP/Top-5-Machine-Learning-Risks/)
* Community responses
* Validate in AppSec conference
* Release final list for the year.

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-06-08T12:38:34Z

Talal Albacha:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Project News ==
June 2018: <br />
* Project was discussed in Open Security Summit 2018 with wider team. https://open-security-summit.org/tracks/owasp-projects/working-sessions/owasp-top-5-machine-learning-risks/. stay tuned for outcomes.
* The first draft document is now available on Github https://github.com/OWASP/Top-5-Machine-Learning-Risks/
* Please raise issues in github for any comments or suggestions

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:https://www.owasp.org/images/c/cc/Machine_Learning_for_Application_Security_Professionals.pdf|thumb]]

== Quick Download ==
TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* Sereysethy Touch
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version (https://github.com/OWASP/Top-5-Machine-Learning-Risks/)
* Community responses
* Validate in AppSec conference
* Release final list for the year.

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-06-08T12:36:19Z

Talal Albacha: update the github link

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Project News ==
June 2018: <br />
* Project was discussed in Open Security Summit 2018 with wider team. https://open-security-summit.org/tracks/owasp-projects/working-sessions/owasp-top-5-machine-learning-risks/. stay tuned for outcomes.
* The first draft document is now available on Github https://github.com/OWASP/Top-5-Machine-Learning-Risks/
* Please raise issues in github for any comments or suggestions

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:https://www.owasp.org/images/c/cc/Machine_Learning_for_Application_Security_Professionals.pdf|thumb]]

== Quick Download ==
TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* Sereysethy Touch
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version (https://github.com/OWASP/Top-5-Machine-Learning-Risks/)
* Community responses
* Validate in AppSec conference
* Release final list for the year.

NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-06-08T12:33:24Z

Talal Albacha: adding latest update

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Project News ==
June 2018: <br />
* Project was discussed in Open Security Summit 2018 with wider team. https://open-security-summit.org/tracks/owasp-projects/working-sessions/owasp-top-5-machine-learning-risks/. stay tuned for outcomes.
* The first draft document is now available on Github https://github.com/OWASP/Top-5-Machine-Learning-Risks/
* Please raise issues in github for any comments or suggestions

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:https://www.owasp.org/images/c/cc/Machine_Learning_for_Application_Security_Professionals.pdf|thumb]]

== Quick Download ==
TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* Sereysethy Touch
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
* Community responses
* Validate in AppSec conference
* Release final list for the year.

As of September 2017, the topics priorities are:
** Machine Learning Introduction
*** What are the available machine learning platforms?
*** Are there any security vulnerabilities associated with these platforms?
** Usage of Machine Learning in Security
*** Can AI be used to reduce false positive findings in security scanners?
*** Fraud Detection...
** Security of Machine learning
*** ML Learning phase
*** How to securely feed data to ML and AI tools
*** How to make learning algorithms aware of malicious data?
** Top 5 risks
** Defending techniques
** References and Additional Resources
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-06-08T12:26:45Z

Talal Albacha: correct the link

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Project News ==

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:https://www.owasp.org/images/c/cc/Machine_Learning_for_Application_Security_Professionals.pdf|thumb]]

== Quick Download ==
TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* Sereysethy Touch
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
* Community responses
* Validate in AppSec conference
* Release final list for the year.

As of September 2017, the topics priorities are:
** Machine Learning Introduction
*** What are the available machine learning platforms?
*** Are there any security vulnerabilities associated with these platforms?
** Usage of Machine Learning in Security
*** Can AI be used to reduce false positive findings in security scanners?
*** Fraud Detection...
** Security of Machine learning
*** ML Learning phase
*** How to securely feed data to ML and AI tools
*** How to make learning algorithms aware of malicious data?
** Top 5 risks
** Defending techniques
** References and Additional Resources
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-06-02T19:25:31Z

Talal Albacha: /* FAQs */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Project News ==

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:Https://www.owasp.org/index.php/File:Machine Learning for Application Security Professionals.pdf|thumb]]

== Quick Download ==
TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* Sereysethy Touch
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
* Community responses
* Validate in AppSec conference
* Release final list for the year.

As of September 2017, the topics priorities are:
** Machine Learning Introduction
*** What are the available machine learning platforms?
*** Are there any security vulnerabilities associated with these platforms?
** Usage of Machine Learning in Security
*** Can AI be used to reduce false positive findings in security scanners?
*** Fraud Detection...
** Security of Machine learning
*** ML Learning phase
*** How to securely feed data to ML and AI tools
*** How to make learning algorithms aware of malicious data?
** Top 5 risks
** Defending techniques
** References and Additional Resources
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-03-11T07:18:05Z

Talal Albacha:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Project News ==

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:Https://www.owasp.org/index.php/File:Machine Learning for Application Security Professionals.pdf|thumb]]

== Quick Download ==
TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
* Community responses
* Validate in AppSec conference
* Release final list for the year.

As of September 2017, the topics priorities are:
** Machine Learning Introduction
*** What are the available machine learning platforms?
*** Are there any security vulnerabilities associated with these platforms?
** Usage of Machine Learning in Security
*** Can AI be used to reduce false positive findings in security scanners?
*** Fraud Detection...
** Security of Machine learning
*** ML Learning phase
*** How to securely feed data to ML and AI tools
*** How to make learning algorithms aware of malicious data?
** Top 5 risks
** Defending techniques
** References and Additional Resources
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-03-11T06:50:26Z

Talal Albacha:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Quick Download ==
TBD

== Project News ==

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:Https://www.owasp.org/index.php/File:Machine Learning for Application Security Professionals.pdf|thumb]]

== In Print ==

TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
* Community responses
* Validate in AppSec conference
* Release final list for the year.

As of September 2017, the topics priorities are:
** Machine Learning Introduction
*** What are the available machine learning platforms?
*** Are there any security vulnerabilities associated with these platforms?
** Usage of Machine Learning in Security
*** Can AI be used to reduce false positive findings in security scanners?
*** Fraud Detection...
** Security of Machine learning
*** ML Learning phase
*** How to securely feed data to ML and AI tools
*** How to make learning algorithms aware of malicious data?
** Top 5 risks
** Defending techniques
** References and Additional Resources
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-03-11T06:49:43Z

Talal Albacha: add latest news

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== Quick Download ==
TBD

== In Print ==

Project News:<br />
March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

September 2017:<br />
* Project introduction in webinar (attached)
[[File:Https://www.owasp.org/index.php/File:Machine Learning for Application Security Professionals.pdf|thumb]]

== In Print ==

TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
* Community responses
* Validate in AppSec conference
* Release final list for the year.

As of September 2017, the topics priorities are:
** Machine Learning Introduction
*** What are the available machine learning platforms?
*** Are there any security vulnerabilities associated with these platforms?
** Usage of Machine Learning in Security
*** Can AI be used to reduce false positive findings in security scanners?
*** Fraud Detection...
** Security of Machine learning
*** ML Learning phase
*** How to securely feed data to ML and AI tools
*** How to make learning algorithms aware of malicious data?
** Top 5 risks
** Defending techniques
** References and Additional Resources
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP Top 5 Machine Learning Risks

2018-03-11T06:46:47Z

Talal Albacha: /* News and Events */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors. It also becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are still security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |
.

== Presentation ==

TBD

== Related Projects ==

*

== Openhub ==

* [https://www.openhub.net/orgs/OWASP OWASP Project Openhub]


| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==
TBD

== In Print ==

Project News:<br />

September 2017:<br />
* Project introduction in webinar (attached)
[[File:Https://www.owasp.org/index.php/File:Machine Learning for Application Security Professionals.pdf|thumb]]

January 2018:<br />
2 members joined the team:
* Jean-Noël Colin: Professor in CS Faculty of University of Namur, Belgium, working in the broad field of information security, and more recently, looking at using ML methods for security purposes
* Prabhant Singh: Master student at University of Tartu, currently researching on secure and reliable machine learning. have been associated with owasp from last 2 years.

February 2018: <br />
* First meeting held (Talal, Jean- Noël and Prabhant)
* Project content to be updated on google docs until we come up with the first draft, then it will be available on the wiki and github pages.

March 2018: <br />
* New member joined: Sereysethy Touch: Teaching Assistant in Faculty of Computer Science at University of Namur, Belgium.
* Second meeting held (Talal, Prabhant and Sethy)

== In Print ==

TBD

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project requires a lot of participations from data scientists, ML experts, software developers, risk managers and application security specialists. Please make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

= Acknowledgements =

==Contributors==

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* Project Leader: [[User:Talal Albacha|Talal Albacha]]
* [[Https://www.linkedin.com/in/jncolin/|Prof. Jean-Noël Colin]]
* [Https://twitter.com/prabhantsingh Prabhant Singh]
* ..[your name]..

= Road Map and Getting Involved =

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
* Community responses
* Validate in AppSec conference
* Release final list for the year.

As of September 2017, the topics priorities are:
** Machine Learning Introduction
*** What are the available machine learning platforms?
*** Are there any security vulnerabilities associated with these platforms?
** Usage of Machine Learning in Security
*** Can AI be used to reduce false positive findings in security scanners?
*** Fraud Detection...
** Security of Machine learning
*** ML Learning phase
*** How to securely feed data to ML and AI tools
*** How to make learning algorithms aware of malicious data?
** Top 5 risks
** Defending techniques
** References and Additional Resources
__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

File:Machine Learning for Application Security Professionals.pdf

2018-03-11T01:18:51Z

Talal Albacha:

webinar about the project

User:Talal Albacha

2018-03-10T09:23:44Z

Talal Albacha:

Talal has more than 15 years of experince in Software Industry. He created and managed highly successful teams in two main areas of Enterprise Applications Development and Application Security Consulting in EMEA region. In addition, he has strong academic background on Artificial Intelligence and Machine Learning.
Some of the roles he did: developer, senior developer, product manager, applications development manager, lecturer, researcher, speaker, senior applications security consultant, manager of application security consulting service in chief security office.

Specialties:
- Software Intelligence (Machine Learning, Predictive algorithms)
- Application Security (Security Solutions, Secure Code Reviews, Design Security Review..)
- Software Development Management (Strategic planning, Agile methodology..)

OWASP contributions include:
* Organized Machine Learning and Security working session in OWASP Summit 2017 (https://owaspsummit.org/Working-Sessions/Research/Using-ML-and-AI-to-detect-attacks.html)
* [OWASP Projects Review during OWASP AppSec EU 2017 in Belfast] (<nowiki>https://2017.appsec.eu/program/project-reviews</nowiki>
* "Cyber Security for Financial Industry" talk in TSAM London 2017.
* OWASP GSOC 2014 Mentor (review initial stage projects).
* OWASP Syria Chapter Leader (2010-2015)
* "OWASP top ten & Payments Application Security" talk (Payment Risk Forum - Beirut - April/2011)
* Arabic translation for couple of OWASP newsletters in 2010
* "Application Security & OWASP top ten" talk (6th ICT Security Forum - Damascus - October/2010)

User:Talal Albacha

2018-03-10T08:50:24Z

Talal Albacha: minor update

Talal has more than 15 years of experince in Software Industry and Academia. He created and managed Enterprise Applications Development and Application Security Consulting teams in EMEA region. He has also strong academic background on Artificial Intelligence and Machine Learning.
Some of the roles he did: developer, senior developer, product manager, applications development manager, lecturer, researcher, speaker, senior applications security consultant, manager of application security consulting service in chief security office.

Specialties:
- Software Intelligence (Machine Learning, Predictive algorithms)
- Application Security (Security Solutions, Secure Code Reviews, Design Security Review..)
- Software Development Management (Strategic planning, Agile methodology..)

OWASP contributions include:
* Organized Machine Learning and Security working session in OWASP Summit 2017 (https://owaspsummit.org/Working-Sessions/Research/Using-ML-and-AI-to-detect-attacks.html)
* [OWASP Projects Review during OWASP AppSec EU 2017 in Belfast] (<nowiki>https://2017.appsec.eu/program/project-reviews</nowiki>
* "Cyber Security for Financial Industry" talk in TSAM London 2017.
* OWASP GSOC 2014 Mentor (review initial stage projects).
* OWASP Syria Chapter Leader (2010-2015)
* "OWASP top ten & Payments Application Security" talk (Payment Risk Forum - Beirut - April/2011)
* Arabic translation for couple of OWASP newsletters in 2010
* "Application Security & OWASP top ten" talk (6th ICT Security Forum - Damascus - October/2010)

OWASP Top 5 Machine Learning Risks

2018-02-28T20:31:29Z

Talal Albacha: /* Classifications */

OWASP Top 5 Machine Learning Risks

2018-02-23T23:47:40Z

Talal Albacha: /* Presentation */

OWASP Top 5 Machine Learning Risks

2018-02-16T23:00:22Z

Talal Albacha: /* Presentation */

OWASP Top 5 Machine Learning Risks

2018-02-16T22:57:45Z

Talal Albacha: /* FAQs */ adding the contributors

User:Talal Albacha

2017-09-06T07:21:05Z

Talal Albacha:

Long experience in Enterprise Applications Development Management, Application Security and Software Intelligence in EMEA region.
Consultant roles in multiple projects.
Strong Academic background
Distinctive training, conferences and certificates
Speaker in regional conferences

Specialties:
- Software Intelligence (Machine Learning, Predictive algorithms)
- Application Security (Security Solutions, Secure Code Reviews, Design Security Review..)
- Software Development Management (Strategic planning, Agile methodology..)

OWASP contributions include:
* Organized Machine Learning and Security working session in OWASP Summit 2017 (https://owaspsummit.org/Working-Sessions/Research/Using-ML-and-AI-to-detect-attacks.html)
* [OWASP Projects Review during OWASP AppSec EU 2017 in Belfast] (<nowiki>https://2017.appsec.eu/program/project-reviews</nowiki>
* "Cyber Security for Financial Industry" talk in TSAM London 2017.
* OWASP GSOC 2014 Mentor (review initial stage projects).
* OWASP Syria Chapter Leader (2010-2015)
* "OWASP top ten & Payments Application Security" talk (Payment Risk Forum - Beirut - April/2011)
* Arabic translation for couple of OWASP newsletters in 2010
* "Application Security & OWASP top ten" talk (6th ICT Security Forum - Damascus - October/2010)

OWASP Top 5 Machine Learning Risks

2017-09-06T07:08:23Z

Talal Albacha: updated the FAQs section

OWASP Top 5 Machine Learning Risks

2017-09-03T03:25:03Z

Talal Albacha: updated more sections

OWASP Top 5 Machine Learning Risks

2017-09-02T00:12:27Z

Talal Albacha: Update major parts of the page.. still some sections needs to be updated

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==The OWASP Top 5 Machine Learning Risks==
The idea is to build the required resources which help software security community to understand the emerging technology of machine learning and how it is related to security, warn them about the risk associated with using ML, and discuss the defending techniques.

==Description==
Machine Learning has recently re-emerged as a powerful tool in multiple business sectors, especially when it is used for Predictive Analytics at the scale of Big Data. This technique becomes vital when it is harnessed for the Security services and applications like Fraud Detection, Anomaly Detection, Behavioral Analysis, etc.

Although these applications have huge success, there are security risks associated with the learning technique especially the security of the learning phase; which can still be vulnerable to threats originated by potential adversaries, and consequently it has considerable impact on their prediction results

This project will list these risks and the defending techniques

==Licensing==

The OWASP Top 5 Machine Learning Risks project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
.

== Presentation ==

TBD

== Project Leader ==

* Talal Albacha: I have long experience in the application security field and I have strong academic background in machine learning.
* [[User:Talal Albacha]]

== Related Projects ==

*

== Openhub ==

* [https://www.openhub.net/orgs/OWASP OWASP Project Openhub]


| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==
TBD

== News and Events ==

*

== In Print ==

This project can be purchased as a print on demand book from Lulu.com

==Classifications==
{| width="200" cellpadding="2"
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. The first contributors to the project were:

* [[User:Talal Albacha]]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

We will have ANNUAL release of the up-to-date top 5 risks, organized as following:
* Draft version
* Community responses
* Validate in AppSec conference
* Release final list for the year.
As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]