Artur Balsam

OpenAPI/ChatGPT as security tool

Intro

The future is bright! Hopefully not from nuclear radiation.

Recently ChatGPT emerged into the spotlight, and everyone was trying to use it somehow. But what does ChatGPT offer?

We’ve trained a model called ChatGPT which interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer followup questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests.

There were some attempts to weaponize OpenAI: https://twitter.com/lordx64/status/1598023663328014336
But my question would be - could we use it for product security?

And the answer is quick: yes, we can!

Idea

Imagine having a simple problem, like in my previous post, Golang SQL Injection: https://go.dev/doc/database/sql-injection

Let's find out what ChatGPT thinks about these two lines of code:

[Image: screenshot of the ChatGPT conversation]

So we got an interesting solution, together with information about security in your product. Think of it as OWASP Proactive Controls plus OWASP Cheat Sheet, with Microsoft Paperclip communication skills.

The only issue is that the solution proposed for the vulnerable line of code from the first question would not fix the SQL injection. Instead of the suggested solution, it should give clear guidance to construct the DB query as in the second example.

Outro

Yes, it's impressive and uncomfortable at the same time, especially in the context of Terminator 2, which I've recently watched.

But let's make one thing clear: this information was already here, available through a simple Google search. And these OWASP projects are available, for free, all the time.

Links

https://en.wikipedia.org/wiki/Office_Assistant
https://owasp.org/www-project-proactive-controls/
https://cheatsheetseries.owasp.org/
https://chat.openai.com/chat

Disclaimer

Background picture generated by DALL-E.
