MS Thesis Defense, Syed Jehanzeb
Title: Code validation through machine learning: a left-shift focus exploratory study
MS Thesis Defense: Syed Jehanzeb, Student of MS Data Science, IBA Karachi
Advisor: Dr. Faisal Iradat
External Examiners: Dr. Tariq Mahmood (IBA-SMCS) | Dr. Muhammad Waseem (Sultan Qaboos University)
Date: January 27, 2026, at 03:00PM
Venue: Tabba Conference Room, Tabba Academic Block, Second Floor [North Wing], Main Campus, IBA Karachi
Abstract
The digital transformation sweeping the globe relies heavily on Application Programming Interfaces (APIs) for information exchange, resulting in an upsurge in API use; these APIs often remain unmanaged and introduce substantial security risks. The OWASP API Security Top Ten list highlights the critical vulnerabilities surrounding unmanaged APIs and guides research and industry efforts. Existing research focuses more on the shift-right security paradigm, leaving room for shift-left security, i.e. security early in the software development life cycle (SDLC). Catching security issues early in the SDLC requires data on best practices, which can then be learned through machine learning. However, acquiring data on best practices is a difficult objective, which hampers the focus on shift-left security. This thesis uses the OWASP API Top Ten vulnerabilities to identify the exploits and develop focused security-related code, resulting in a custom dataset of 60 labeled Python snippets. The snippets were then used to train machine learning models, employing Natural Language Processing tools and various machine learning algorithms, with ensemble methods outperforming single classifiers. The Extra Trees Classifier achieved the best test accuracy of 83.3%. To identify the factors influencing the machine learning results, I used eXplainable Artificial Intelligence tools, specifically SHapley Additive exPlanations (SHAP), to provide a transparent feature importance analysis, which among other things identified that in most cases security is simply assumed to be managed rather than focused upon.