GitHub Copilot & Advanced Security : The Fox Guarding the (code) Henhouse
ShiftLeft Blog
by Bruce Snell
2M ago
GitHub Copilot, the AI-powered coding assistant, has emerged as a game-changer in the software development landscape. By harnessing the power of generative AI, Copilot promises to accelerate coding tasks, boost developer productivity, and even democratize coding by making it more accessible to newcomers. However, as with any transformative technology, there are caveats. In Copilot’s case, they revolve around security.

The Inherent Risk of AI-Powered Code Generation
Copilot’s allure lies in its ability to generate code snippets, complete lines, or even entire functions based on context and natu ..read more
The Qwiet AI Code Doctor Will See You Now – Introducing AI AutoFix
ShiftLeft Blog
by Stuart McClure
3M ago
Qwiet AI and the ancient Greek physicians like the father of medicine Hippocrates have much in common. Hippocrates highlighted the significance of a healthy diet and lifestyle in preventing diseases and acknowledged the root cause of physical and psychological ailments as diet and lifestyle choices (Διαιτήμασί in Greek), and now Qwiet AI is delivering his ultimate truth in the digital world with true cyberattack prevention. Delivering on a near two year promise by us when I took over as CEO in 2022 to apply predictive (and now generative) AI to the world of AppSec and source code, Qwiet AI is ..read more
Revolutionizing Vulnerability Detection and Patching
ShiftLeft Blog
by Chetan Conikee
3M ago
In the ever-evolving landscape of software development, ensuring the security of applications has become a paramount concern. As cyber threats continue to grow in sophistication, it is crucial for developers and security professionals to stay ahead of the curve. This article explores a groundbreaking approach that combines the power of Code Property Graphs (CPGs) and Large Language Models (LLMs) to revolutionize vulnerability detection and patching processes.

Understanding Code Property Graphs
Code Property Graphs are a powerful tool for representing and analyzing the intricate relations ..read more
What are the limitations of using ChatGPT to write code?
ShiftLeft Blog
by Bruce Snell
3M ago
Love them or hate them, large language models (LLM) are here to stay. After opening the Pandora’s Box of ChatGPT in late 2022, everyone from developers to grandmas began using the tool to get the answers they wanted – and fast. As with every other new technology, ChatGPT created a new set of security risks, impacting both organizations as malicious actors use it to write realistic phishing emails and developers as they seek to improve their delivery times.

If you’re looking to use ChatGPT for coding, you should understand its capabilities and limitations so that you make informed decisio ..read more
Why Is Vulnerability Remediation Hard?
ShiftLeft Blog
by Bruce Snell
3M ago
Imagine yourself standing in a local fair at night. The bright lights from the games beckon you, and you see your favorite game, the one you’re best at – Whack-A-Mole. You excitedly walk up to the booth, plunk down your few dollars, and get ready to whack a bunch of plastic, animatronic moles back into their holes. You have the best time of your life that night as you hit an all time high score.

Now, you’re sitting at your computer, reviewing the vast myriad of vulnerabilities that your static application security testing (SAST) tool generated. You might be feeling overwhelmed, like you ..read more
AppSec 101 – Dependency Management
ShiftLeft Blog
by Bruce Snell
3M ago
Introduction
In the world of software development, managing dependencies is like keeping the gears of a well-oiled machine running smoothly. Get ready to dive deep into practical strategies and tools that streamline your development process, ensuring your projects are as efficient and error-free as possible. This is your guide to mastering dependency management, making every build and deployment predictable and stress-free.

Understanding Dependency Management
In software development, dependencies refer to external components such as libraries, frameworks, and services that a project requires ..read more
AppSec 101 – Error Handling and Logging
ShiftLeft Blog
by Bruce Snell
3M ago
Introduction
Have you ever wondered why meticulously coded applications sometimes falter or how the unseen processes within can impact user experience? This article dives into error handling and logging—essential practices that ensure software resilience, security, and maintainability. You’ll learn the significance of these components, understand their implementation, and discover tools that fortify application development.

What is Error Handling?
Error handling is the technique developers use to manage unexpected situations in a program’s execution. Think of it as the safety net that c ..read more
AppSec 101 – Output Encoding
ShiftLeft Blog
by Bruce Snell
3M ago
Introduction
Ever wondered how web apps keep your info safe from hackers? This blog post is all about Output Encoding, a key trick in the web developer’s handbook that stops bad scripts from sneaking into websites and causing trouble. We’re going to show you why it’s super important, how it’s different from other security moves, and how to use it the right way. Stick with us, and you’ll learn some neat ways to make your web projects a lot safer for everyone.

What is Output Encoding?
Output Encoding is a security technique used in web development to convert potentially harmful characters from ..read more
AppSec 101 – Input Validation
ShiftLeft Blog
by Bruce Snell
3M ago
Introduction
Ever wondered what separates a secure application from a vulnerable one from a developer’s perspective? It often boils down to how well you handle user inputs. In this blog, we dive into input validation, an essential yet sometimes overlooked aspect of coding for security. It’s a straightforward guide on the why, how, and what of input validation techniques, offering practical insights and actionable tips. By the end, developers will gain valuable skills to enhance app security and improve overall coding efficiency.

What is Input Validation?
Input validation is like the bouncer a ..read more
Understanding XSS vs CSRF
ShiftLeft Blog
by Bruce Snell
3M ago
When it comes to web application vulnerabilities and attacks, malicious actors are a lot like Cookie Monster, screaming, “Me love cookie!” Digital cookies may not be as tasty as chocolate chips, but they’re just as deliciously enticing because they often contain sensitive information or enable attackers to gain unauthorized access.

While both Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks use similar terminology and can impact user access and session cookies, they have different methodologies and impacts. To correctly secure your application, you should understa ..read more