Intro
The future is bright! Hopefully not from nuclear radiation.
Recently ChatGPT emerged into the spotlight, and everyone was trying to use it somehow. But what does ChatGPT offer?
We’ve trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer followup questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests.
There were some attempts to weaponize OpenAI: https://twitter.com/lordx64/status/1598023663328014336
But my question would be: could we use it for product security?
And the answer is quick: yes, we can!
Idea
Imagine having a simple problem, like in my previous post, Golang SQL Injection: https://go.dev/doc/database/sql-injection
Let's find out what ChatGPT thinks about these two lines of code:
So we got an interesting solution, with information about security in your product. Think about it as OWASP Proactive Controls with the OWASP Cheat Sheet, with Microsoft Paperclip communication skills.
The only issue: the solution proposed for the vulnerable line of code from the first question would not fix the SQL injection. Instead of the suggested solution, it should provide clear guidance to construct the DB query as in the second example.
Outro
Yes, it's impressive and uncomfortable at the same time, especially in the context of Terminator 2, which I've recently watched.
But let's make one thing clear: this information was already here, a simple Google search away. And these OWASP projects are available, for free, all the time.
Links
https://en.wikipedia.org/wiki/Office_Assistant
https://owasp.org/www-project-proactive-controls/
https://cheatsheetseries.owasp.org/
https://chat.openai.com/chat
Disclaimer
Background picture generated by DALL-E.