Laycock noted that AI can not only automate coding but also automate attacks. This allows attackers to hit businesses faster, harder, and more frequently.

Using AI and low-code platforms also democratizes coding, allowing non-developers to create apps. According to Shahnawaz Backer, senior solutions architect at F5, this could dramatically ramp up the pace at which businesses launch new apps while skipping the security practices that human developers would apply, such as reviewing how the pieces of code integrate and validating input.

“AI usually generates pieces of code individually, but do these pieces integrate well? Is there a process to validate the input or SQL injection of the code?” said Backer. “Businesses that simply consume the code generated from AI will also lose the expertise they would have with human developers.”

In addition, the rising popularity of no-code platforms and SaaS among business users means enterprises depend on these platform providers for the security of their digital services.

“There are probably thousands of businesses using the same platform to develop their digital services,” said Kok Tin Gan, partner at PwC and founder of Dark Lab. “An attack on these vendors will tremendously impact many businesses across the industry.”

While their scale of operations allows no-code providers to invest in security, Gan said the same scale also offers immense opportunities and potential returns for attackers.

Despite these technology providers' significant impact and risk level, Gan said they are not liable for their customers’ financial loss. If a digital service built on one of these platforms contains vulnerabilities that lead to an attack, the vendor is not obligated to compensate the customer.

“There are not enough regulations to ensure these technology providers manage the risk properly. I believe they should be subject to regulations similar to banks,” said Gan, who is also a speaker at the firm’s upcoming Hack A Day, where he will share findings on the risk of the technology supply chain. Without such regulations, he said, CSOs should act as a group to request that technology providers be bound by commercial contracts and compensate customers for related attacks.

Additionally, Laycock said businesses should ask their low-code provider more security-related questions: What security features are embedded in the platform? What is the process for reporting and fixing security vulnerabilities?

Nevertheless, the human factor can never be eliminated. Backer noted that humans should always be involved, with security processes in place to validate the input and review the output. “The AI-generated codes may have built-in vulnerabilities,” he added. If the models themselves embed vulnerabilities, the code they generate may not be secure.

From coding to connecting - the risk of APIs

Backer noted that modern applications are modular, which encourages the use of AI-generated code to build smaller reusable components. These components are also being exposed as application programming interfaces (APIs), raising the risk of API-related attacks.

APIs were primarily used as a standard means for two applications to talk to each other and exchange data. Human developers should always be involved in reviewing the output and applying DevSecOps practices before launching these new digital services.
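Backer's question about whether generated pieces of code validate their input or guard against SQL injection is easiest to see on a concrete snippet. The following is an added example written for this page, not code from the article, F5 or any of the quoted speakers. It places a login query of the kind a code generator typically produces (string-formatted SQL that passes its happy-path test) beside a reviewed version that allowlists the username and binds both inputs as parameters, and runs the same injection payload through both. The users table, the credentials and the `USERNAME_RE` allowlist are constructed for the example; plaintext passwords are used only to keep the query shape visible.

```python
import re
import sqlite3

# Constructed sample data for this example (not from the article): a toy
# users table in an in-memory SQLite database. Plaintext passwords are used
# only to keep the query shape visible; a real service stores password hashes.
SAMPLE_USERS = [
    ("alice", "s3cret"),
    ("bob", "hunter2"),
]

# Hypothetical allowlist for usernames: this is the "validate the input" step,
# applied before the input ever reaches the database.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Create and populate the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_generated(conn, username, password):
    """Shape of a generated snippet that passes its happy-path test: the query
    is assembled with string formatting, so attacker input becomes SQL."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Reviewed version: allowlist the username, then bind both inputs as
    parameters so the database never interprets them as SQL."""
    if not USERNAME_RE.fullmatch(username):
        return None
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def compare(payload="' OR '1'='1' --"):
    """Run the same injection payload as the password through both versions.
    Returns (result_from_generated, result_from_hardened)."""
    conn = make_db()
    # In the generated version the WHERE clause becomes
    #   username = 'alice' AND password = '' OR '1'='1' --'
    # which is true for every row, so a user is returned without any password.
    generated = login_generated(conn, "alice", payload)
    # The hardened version compares the payload as a literal password string.
    hardened = login_hardened(conn, "alice", payload)
    conn.close()
    return generated, hardened


if __name__ == "__main__":
    print(compare())  # ('alice', None)
```

The review check this encodes is mechanical: any query text built from user-controlled strings is a finding, regardless of whether the snippet's own tests pass. Parameter binding removes the injection; the allowlist is defence in depth and also catches malformed input before it reaches the database at all.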