Unveiling the Power of AI in Software Security at DevSecCon

nikitakoselev

Nikita Koselev

Posted on June 30, 2023

Unveiling the Power of AI in Software Security at DevSecCon

Sometimes the very best conferences are online and even free to attend, like DevSecCon from @snyk.

Attending such conferences is a nice and efficient way to meet like-minded people and improve your software security skills. And improve you shall because the software security market is hot now, and probably it's the only software market which is still hot at the moment. Well, security and AI markets are hot 😁

I love open source, AI, and I have an interest in security.
Imagine my surprise when the very first talk I attended covered all three of them?

Well, open source was covered indirectly, but the speaker was Joseph Katsioloudes who works at @github Security Lab.

Key points of his talk ⬇⬇⬇

Cybersecurity is hard 😭😭😭

For 100 developers there is only 1 AppSec Specialist.
That is one of the reasons why there are so many vulnerabilities.

Cybersecurity is hard

1 App Sec Specialist for 100 developers

@GitHubCopilot is an amazing #AI tool that considerably improves developer's productivity.
55% faster coding
75% more fulfilled
46% code written

GitHubCopilot effect stats

4 ways developers can use #AI to leverage the world's #security knowledge

  1. Write safer code
  2. Find a bug
  3. Developer Training
  4. Get tailored guidance

@GitHubCopilot won't always produce secure code by default.
Sometimes you will need to provide context, to improve things.

GitHubCopilot-generated code with a security vulnerability

Same code with 1 security vulnerability fixed

@GitHubCopilot was not created to replace security tools.
While using @GitHubCopilot - always use security tools to make sure your code is secure.

You can ask @GitHubCopilot to explain different types of vulnerabilities to you. For example, "Please explain SQL injection security vulnerability to me".

You can use other #AI tools, for example #ChatGPT to get some tailored guidance and other things.

There are still some things #AI is not good at.
For example - #AI is not yet good at defining entry points / attack surface

There are numerous AI opportunities for Cyber Security

  • Threat Intelligence
  • Penetration Testing
  • Security Operations
  • Malware Analysis
  • Incident Response
  • Generate Reports

AI opportunities for Cyber Security

It was one of the best talks I saw lately.
Please feel free to watch the talk "Human vs AI: How to ship secure code" here.
Please feel free to watch DevSecCon conference videos here.

Spetial thanks to @snyk_sec for powering the DevSecCon.

💖 💪 🙅 🚩
nikitakoselev
Nikita Koselev

Posted on June 30, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related