AppSec & DevSecOps
W4-2F. In the Pipe, 5x5: Copilots + Automated Security
Wednesday, June 12, 2024 2:30 PM - 3:30 PM
Room 2F
GitHub Copilot and coding LLMs in general are on the precipice of radically changing how developers write code. In March 2023, Scott Guthrie of Microsoft shared that 40% of the code developers are checking in is now AI-generated and unmodified. I’d like to stress *unmodified*! While coding co-pilots can always be tweaked for specific classes of vulnerabilities (e.g. SQLi), the training data is still code written by humans. And we clearly make coding mistakes. Amplifying the problem is that developers don’t necessarily understand the code that was AI-generated (I can speak to this first hand). In these instances, more and more developers will ship the code if it appears to work. This is where automated security testing pairs perfectly with GitHub Copilot/LLMs to support developers and protect users. By automating static and dynamic analysis with GitHub Actions, developers can easily detect and remediate bugs in commits and pull requests! This will be a technical talk and use live demos to show attendees how to confidently ship apps built with the support of AI-generated code. Over the course of several weeks, I decided to build an iOS Hacker News reader in Swift. While I’ve programmed in multiple languages, I was new to Swift and SwiftUI and decided to leverage GitHUb Copilot. The experience was enlightening and I’ve published multiple videos on the topic on my YouTube change (https://www.youtube.com/@SPFExpert/videos). This talk would be based on the weeks spent learning and combining these emerging technologies. Attendees will learn best practices for automating security with GitHub Copilot, how to automate builds and security scanning with GitHub Actions and finally how to understand and resolve common mobile security and privacy issues.
1. Best practices for automating security with LLM (e.g. GitHub Copilot) 2. Learn how to automate mobile app builds (via GitHub Actions) and security scanning 3. Understand and resolve common mobile security and privacy issues