Nikita Koselev

Unveiling the Power of AI in Software Security at DevSecCon

Sometimes the very best conferences are online and even free to attend, like DevSecCon from @snyk.

Attending such conferences is a nice and efficient way to meet like-minded people and improve your software security skills. And improve you shall because the software security market is hot now, and probably it's the only software market which is still hot at the moment. Well, security and AI markets are hot 😁

I love open source, AI, and I have an interest in security.
Imagine my surprise when the very first talk I attended covered all three of them!

Well, open source was covered indirectly, but the speaker was Joseph Katsioloudes, who works at @github Security Lab.

Key points of his talk ⬇⬇⬇

Cybersecurity is hard 😭😭😭

For 100 developers there is only 1 AppSec Specialist.
That is one of the reasons why there are so many vulnerabilities.

@GitHubCopilot is an amazing #AI tool that considerably improves developers' productivity:

  • 55% faster coding
  • 75% more fulfilled
  • 46% code written

4 ways developers can use #AI to leverage the world's #security knowledge

  1. Write safer code
  2. Find a bug
  3. Developer Training
  4. Get tailored guidance

@GitHubCopilot won't always produce secure code by default.
Sometimes you will need to provide context to improve things.

[Image: GitHubCopilot-generated code with a security vulnerability]

[Image: Same code with 1 security vulnerability fixed]

@GitHubCopilot was not created to replace security tools.
While using @GitHubCopilot, always use security tools to make sure your code is secure.

You can ask @GitHubCopilot to explain different types of vulnerabilities to you. For example, "Please explain SQL injection security vulnerability to me".

You can use other #AI tools, for example #ChatGPT, to get some tailored guidance and other things.

There are still some things #AI is not good at.
For example, #AI is not yet good at defining entry points / attack surface.

There are numerous AI opportunities for Cyber Security

  • Threat Intelligence
  • Penetration Testing
  • Security Operations
  • Malware Analysis
  • Incident Response
  • Generate Reports

It was one of the best talks I saw lately.
Please feel free to watch the talk "Human vs AI: How to ship secure code" here.
Please feel free to watch DevSecCon conference videos here.

Special thanks to @snyk_sec for powering the DevSecCon.

Top comments (1)

SnykSec

Great post @nikitakoselev. Glad you enjoyed this