SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more!
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders.
Segment resources:
https://www.forrester.com/blogs/generative-ai-will-not-...
Cloudflare's 2024 appsec report, reasoning about the Cyber Reasoning Systems for the upcoming AIxCC semifinals at DEF CON, lessons in secure design from post-quantum cryptography, and more!
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-i...
Get weekly updates
The most current cybersecurity news involving application security.