Wonderful. Thank you. Thank you very much and welcome, everyone, to this session. My name is Simon Maple. And today, yes, we're going to be talking about AI hallucinations and manipulation. So let's jump in. Joining me today, Liran Tal, director of developer advocacy. Liran, how are you? Oh, good, Simon. Happy to join you. Absolutely. It's always a pleasure. Always a pleasure presenting with you. So looking forward to today. My name is Simon Maple. I'm head of AI advocacy at Snyk. We're both colleagues at Snyk. And in fact, you're on the JavaScript side, and I'm on the Java side. So welcome to the Java side for about an hour or so. And then you can go back to JavaScript. Amazing. So today we're going to be talking about AI, as mentioned. First of all, Liran is going to give an introduction to AI and tell us a little bit about how it's used in development today. And then we're going to jump straight into some code and show you a coffee shop being built with generative AI, with Copilot specifically. And we're going to live hack that and show you how vulnerabilities jump into that code and how we can extract them from that code as well. And follow up with a little bit of a conclusion on the learnings and takeaways. As mentioned, today is very, very interactive. So feel free, please, to let us know maybe where you're from and what you do in the chat. And as we go through, discussions and Q&A can be done through both the Q&A and the chat. So Liran, over to you. Awesome. Let's get started. So you've probably heard about AI and LLMs in the past few months. It's a very hot topic. Generative AI specifically has been something that developers have been using in recent times to code faster, ship faster, basically to speed up the entire delivery process. One of the things that we've seen more and more is a lot of views around things like GitHub Copilot and ChatGPT, all of these things.
And so if we take a second just to reflect on the usage there, right? So some studies, like AWS and GitHub, show that it contributes to a 55% increase in productivity for developers using AI. We see developers who are using AI are 27% more likely to complete a coding task that they get, with the use of AI tools like the ones we mentioned, and maybe others as well. Based on a GitHub study, we also see that 92% of US developers are already using AI in their day-to-day tasks as well. So this is definitely a hot topic. And so what is the security nightmare? What are the issues that we're actually bringing up? And I actually want to start this with a poll. So we'll get a poll coming up. Basically, how do you feel about security when we relate that to AI, right? To LLMs, to using those kinds of tools to speed up all of your delivery of code? Are you feeling much more secure using AI than the code that you write, moderately less, or much less? Maybe it's as secure as what you write. So I'll give you a few seconds here. Go through this. Choose the one. Well, I can vote myself, which is a problem here, I guess, but I also don't want to be biased here. So let's see. Give it a few more seconds. All we know is it's magic, whether it's more secure or less secure, it's magic. Magic that we need to worry about. Like abstractions in software. Yes. Cool. So I will get the results in a few seconds. Just completed. Let's see. All right, cool. So everyone voted. Oh, the top one is "moderately less secure than the code I write" with 36%. "As secure as the code I write" is a good second with 33%, so about a third of us replied that, and then "much more secure" versus "much less secure", which is very interesting. I love this. You're all probably quite on point on this.
So let's talk more about this, Simon, and talk about what the actual issue here is, right? And the poll results are very much related to this. Essentially, to cite some studies on this as well: NYU saw 40% of Copilot code creating more vulnerabilities. So the question is, do developers trust AI more or less? Right. If you put more trust into AI, potentially this could be alarming, because you're putting a lot of trust in something that essentially might give you less secure code. A study from Stanford found developers that do use AI produce much less secure code than developers without AI. So that is also very much relatable to those poll results that we just saw. So given all of this, let's talk about some other aspects of AI, and this is the topic of hallucination. Using AI is probably something that we know happens, but the way that we use it and its output is much more of a concern for us. One of these is AI hallucinations, which essentially means that we potentially ask a question and get a very, very wrong answer back. So for example, in this study, we asked it to solve a very simple math problem, five times nine plus four times three, give us the answer, which it answered as 51. For those of you who have tried to do quick math, this is an incorrect answer. We asked again, and it gave an explanation, and we asked if it's sure about this, and it replied, of course it is. So it's very confident, but on something that it is very wrong on, which is something, again, alarming that we have to understand. So this is one hallucination, where AI just makes things up based on whatever the data is. We see other examples of this beyond just ChatGPT.
For example, there's been a lawyer who was using GPT for legal research, researching precedents and things like that, now facing sanctions or being removed from the bar. Australia saw this incident of a mayor that actually filed a defamation lawsuit against it. And so all of this set of AI hallucinations and different issues shows us that AI can be wrong, but of course it doesn't know that it's wrong, and that's a problem. So where does that leave us in terms of code, right? Because we do use AI, and this is very much the topic of using AI with code. And here we care about the code being performant and all of those kinds of things, but also secure, so it doesn't actually create new vulnerabilities, new code security issues. So how you use that day to day is an important one, and we're going to deep dive into a whole coding session right now with Simon. So to get started, what we want to do here with Simon is use a Java app. We're going to use Spring Boot. We have a few tasks here and we'll do those with you to code a simple application, and we'll use AI to do it. And through that session, through this whole process, we'll go ahead and see how vulnerabilities are created and exploit them together with you, so you can also understand those aspects. So let's get started with the actual technical stuff, for you to very quickly review what's going on. So first off, we're going to have this homepage, which is going to have a list of beers. So these are going to be our products, how much they cost and everything. We're going to have a repository. So if you can take us to the repository, Simon, we're going to see where we have... there we go. There we go. So this is our code. So this is where it's hosted. You can also use it after this session.
We are going to create... should we create a new branch, Simon? What do you think? Yeah, let's create a new branch. Let's say a Linux Foundation branch, where we're going to do our feature branch under my name there. So I'll create that branch and there we go. That branch has just been created. Let's go back to the IDE now. We're going to use IntelliJ. This is a Java app, Spring Boot based. Simon is going to check out this new branch and then switch to it, where we have all of that new code that we're going to add over there. And once we get over to the branch, we're going to see the files that we have. And there we go. And what Simon already has open, you can see under resources/templates, we have this index.html file, which is where our app is presenting the contents. If you open that up in the browser, just so we see what's happening, you can see the body is pretty empty. And that is why when we load this up, there's nothing really happening there. So our first very immediate task is going to be... we have completed this "create home page" task. Amazing. I'm going to take a lot of pride in that, because I'm not a Java developer and already got this completed as well. Well, the whole page is created, but it's actually a little bit empty. So what we want to be able to do here is create a top banner and a product listing table within this page. So we want to actually be able to add some content here so that it actually looks pretty good. Right. So maybe I'll prompt you and give you a story here, Simon. How about that? Right. Okay, let's do that. So go to the body there. And I want you to basically add a fragment called header. Okay, let me get rid of these. So you want me to add a fragment called header. So a couple of things that I do know is we've got some fragments already here. So I have a header and I also have the products table there. So this is IntelliJ presentation mode, by the way.
So it's nice and light for us. We'll be able to see this. So what I want to do is let's add... oops, I want Copilot. I'm using Copilot in here already. So this is going to try and prompt some things here. So I'm going to say something like "add a header fragment". You can see the autocomplete coming up from Copilot has already completed this. So that looks good. That looks good to me. Yeah. Let's do something. What else do we need? We need a products table. So let's do another fragment for the products table itself. And hopefully we have a nice banner at the top, which is the header, and then the list of the product table. I think you probably need to fix the name. One thing that's very interesting here is what you'll notice with Copilot is what I asked for. Again, you can see I've asked for a product table and I've got a fragment called product table back. What I actually need is a products table fragment. So if I do that, now I get the products table. So you've got to be careful what you ask for, because Copilot is going to give me exactly what I asked for. Okay. Should we ship it? Should we have a look? Yeah. Let's try it. Let's refresh. Let's restart Java. And you can see how lightning fast Java is going to be here. Restart this. Almost as fast as JavaScript. Absolutely. And there you can see, because this is a test, it's populating these coffees and beers here. So if I come back here and refresh this page... Amazing. There we go. So I have my header, which is this piece here. I have my search products. And I can see my products with name, description, how much it costs, plus the type. So I have some coffees here and I have some beers here. And each one has a unique primary key, which is the ID. And to think, Simon, you estimated this story at like two weeks. I know. Right now. I know. Well, I had some holiday. Come on, buddy. Come on. Come on. Awesome. So here's the next task. We need to make that product table searchable.
So we have that search form. We want to locate specific beers and allow users to search for a specific beer item that they want to buy from the product table. Okay. So I have a search product here. If I was to do a search, maybe let's search on "street" or something like that. If I hit submit, I get "no products found", despite the fact that I know that exists. And the reason is, if I come back here, if I go to my search repository, the reason is because this search product is null. And in fact, if I go to my home controller, I'll show you exactly how we're getting here. I have a post mapping here on the slash endpoint. And that invokes this search products method. It takes the request parameter, this input, which is anything I type into this search product box, and it sends that directly through to this search product input, passing it into that method. So I get input here directly from that box. So this is the space where I want to write some code, right? Definitely here. We want to implement this one. Oh, let's see. So we see how good Copilot is. It's very optimistic. Let's say it is very optimistic. I don't know what to do. Crickets. Crickets, Liran. Crickets. So what do I need to do here, Liran? All right. So I'll let you go through this, but basically, you want to get the input. Yeah. So you're going to maybe lowercase the input, because we need to find it in the database. Yeah. Let's see if it continues. Yeah. Does it continue to do the rest of it? What I want to do is create a query that matches. So if I want to search matching the input, do we go to the product name or the description? Okay. So either any word in this or any word in the description, that sounds good. Yep. Oh, look. Yeah. That looks good. So let's take a look at what we do. We create a native query. We put that into a Query type.
We get a string back: select star from product, which is my table name, where lower description is like lower input, or lower product name is like lower input again. And it passes in that Product class. So that looks good to me. Yeah. Just get the results here. Oh, there we go. Amazing. Return the results. Go on, go on, go on. Yeah. It did it. It did. Yeah. There it is. I don't want to tell the audience how long you estimated this one, by the way. No, no, no, don't, don't, don't. It's in 2024. I think it finishes. So I hit save. Yeah. Absolutely. It's a roadmap item. Q1. Okay. So I hit save and I refreshed that. Again, Java being lightning fast. This should be here already. Let me refresh that. Has it refreshed? Yes. Okay. So now let me test something. Okay. I'm going to do a test on... let's have a look at something. Maybe "ale" could be a good one to do a test on. If I do a search there, oh, look at that. So we get the ales, and also where it's not in the name, but I see it in the description. This works, Liran. So what do we do when it works? I know what we do. We ship it. So what I'm going to do is I'm going to select my changes. Select both of these. Why is that not working? Oh, these are just the changes here. Well, Simon adds all of this to the branch and updates them. So if you have ideas of maybe what could potentially have gone wrong here, you're welcome to add that into the chat and we'll get to it in a sec. But now basically what we're doing is we're adding those files to commit them, and in a sec we'll get this shipped. So commit and push. Nine warnings. Oh dear. Warnings are okay though, right? Yeah, yeah. No tests? We don't need that. No, absolutely. Okay. That's the point of view. SQL injection? No, absolutely not. There's never an SQL injection in my code. My code's perfect. Let's push that. Okay. So that's two files committed and pushed. Let's go back to my Git repository.
Recent pushes, less than a minute ago. Compare them and send a pull request back to my master. Okay. Going from my branch to my master. Let's create that pull request. I like how you don't need to add any description. Absolutely. Well, the description's in the code, right? I don't need to do that. So, interestingly, people are saying there's an SQL injection and an unsanitized input in the SQL query. I wonder, if I go back to my search repository, where you feel like that line would be. What is it that I'm doing? Just feel free to type in the line number if you feel like you know where that might be. Yeah. Oh, gosh. Oh, look at that. Look at that. There's one check that didn't succeed, Simon, here. And that looks like a code check from Snyk. Maybe I drill into the details to see what's going on. 25 as well. So let's take a look. I dig into that. All right. So Snyk here, just like sitting there with GitHub Copilot, is helping us figure out what's going on with the code. It does what's called SAST, static application security testing, which checks whether there are security issues in the code itself, not just in third-party packages that we pull in with Maven, but the actual code. So it looks like it found, what is this, an SQL injection. Yes. High severity. And congrats to everyone in the chat, Alex, Christopher, Tai, it looks like you are spot on. Could you maybe click on full details there? I'm going to open this Learn because I have no idea what an SQL injection is. Let me just quickly take a look. SQL injection is one of the most widespread code vulnerabilities. An attacker inserts or injects malicious SQL code via the input of the application. Okay. So let's keep that in mind. Let's come back here. The full details. Absolutely. Yeah. Right. So we see now the actual code paths, because Snyk is basically on that repository, on the code base.
So it sees all the code and it is able to analyze, not just grep or find the specific keywords, but actually analyze the code itself statically and understand the source of the input that users are sending. So the product name and the description, how that flows through the code from the source to the sink, which is basically the query itself being created and submitted to the SQL engine behind the scenes. And what we're seeing here is that there is indeed an SQL injection. We'll see it in a second when we actually exploit this. We see that the user input, as you can see here, lower input, that variable there, is actually flowed and used in and concatenated into the SQL query that we're running. So how do we fix this then? How do we have this sanitization? I think there's a fix analysis there. So maybe that gives us some clue into seeing how to fix it. So this shows us several examples. One of them is this one, of other code repositories and how they fix it. And we can see below, it tells us you need to use a prepared statement, and you see a different project that is open source and how they fixed it. So these things called named parameters, or prepared statements, which use the named parameter methodology as well, actually tell the SQL engine this is not part of the query itself that needs to get evaluated; this is a user input, a variable that needs to be replaced in. And some of the answers in the chat were saying "unsanitized input in SQL query", and that's correct. That's how the SQL engine behind the scenes knows what to do with it. This is how we need to fix it. Do you want us to hack it as well very quickly? Well, let's try, yeah. Let's try hacking it. Okay. Cool. I'll paste something. I think you might have that stored there, but I'll paste something here to the chat.
But also, if you want to paste anything in the chat as well to show us how to hack it. But essentially, one example here, if we're able to interact with the chat, what we may want to do, Simon, is since I might want to buy one of those beers, I might want to just reset all of those prices to zero. So what I'll do is I sent you one of those in the chat. You can copy-paste it or just push it into the search box here. So basically we're saying we're going to terminate this search field, then use a semicolon to say we're terminating the query itself, then run a new SQL query, update product set price equals zero, and then use dash dash, which says the rest of the query that is in the code is basically just a comment. So if you send it... Okay. So that's been sent. And let me refresh the page now just to get the updated list. Free beer, free coffee. Everyone gets... this can't be a hack. I mean, it's got free beer and free coffee for everyone. So it's only a good thing. Indeed. You're in a meetup. So it makes sense. Absolutely. So what I want to do is let's get rid of this line then. This is the danger line. Let's get rid of that. And let's do this in a slightly different way this time then. So named query, no, named parameters. So create a query with named parameters. Right. Let's try that. Okay. So "like input", "like input" seems to be okay, both on the product and description. This time we're using named parameters. And what was the other thing that you mentioned? I need to do a setParameter. Yeah. Exactly. What I just said: the parameter is now this lower input that is coming from my user. So if I save that, let's try and do that same thing. Absolutely, Christopher, best shop in town. There isn't a shop better. I tell you what, the number of users and signups we would get, even though there's a vulnerability on it, would be amazing. Let's go back.
Let's come back here and let's try and do that same thing again. I'm going to copy what you sent me this time. Huh. Interesting. This time it doesn't do anything with my price list. It actually says "no products found", and presumably that's because what I passed in there, it's actually sending this whole thing as a parameter, as a string. And so, as a result, no products match that string. And if I come back here, my prices are still there. So what do I need to do? Well, let's commit and push that back up to my repository. Make sure I pushed that. And then what we'll do is we'll come back over to my PR check. Let's go back to my pull request. And now that's going to be running those tests again. The same one. Yes. Let me ask you here. So you've fixed that. How do you feel about finding security issues this way? Well, I mean, it was good to find it before it hits production. But I tell you what, waiting for it all to happen in a pull request seems a bit late. Yeah. I don't want to have to push this across every single time before getting this. Yeah. I agree. I mean, it's pretty cool. We have it here. All of the CI checks here are a good way to create a guard against all of those things coming in that might be vulnerable, but could we find it earlier? Like in the IDE, in code. Even though everything here passed, and this is now us fixing the SQL injection, we might want to give developers a better experience where they can actually find those security issues in the code. So maybe on the next one. Yeah. Let's do that on the next one. Shift. Great. Amazing. All right. So the next one: we have users in the coffee shop.
Simon did log in with his own... What we basically want to be able to do is allow them to personalize their profiles, which means we want to allow them to upload their picture, their avatars, and set it up, so they have their own picture there. So let's go back into the coffee shop and explain what's going on. So I'm going to log in. My username is Simon, my password, don't tell anyone, one, two, three, one, two, three. If I log in... I think Chrome is telling me my password. So good. There we go. If I go to my profile, I can scroll down. I can hit upload, choose file. Let's grab Simon Maple. There I am. Okay. Wonderful, wonderful profile picture. Amazing. I hit upload image. Three percent. But I hit upload image, and nothing happens. If I go back to profile, nothing is there. You know why? Okay. Let me guess. You need to implement that story too. Absolutely. You need a month, a month. Absolutely. At least, minimum, minimum. If I go to upload images, nothing happens here. I need to do this. So what do I need to do? Let me think. So I get a file in. Okay. So what I need to do is I need to take that file. Let's say save file. Oops. Save file to, not my... not the uploads directory, but to the upload directory. And the difference, why it's not slash uploads (it might even be slash uploads), is because the upload directory is where I want it to be. It does look like slash uploads. But just in case that changes. Okay. So Copilot is telling me: get the original name of the file. And that will be Simon Maple, I think it was simon-maple.png or .jpeg. Replace spaces with underscores. That sounds reasonable. File name and path equals Path.get. And it concatenates the upload directory to my file name. That sounds great. And then do a Files.write with the file name and path, which is the upload directory plus that
file name, and then push all those wonderful bytes to it. And the thing I'm going to uncomment here, whoops. The thing I'm going to uncomment here is, once that happens, I want to, first of all, say... is it called name? Yes, it is called name. Say "uploaded images" and provide that name back, and then update the person in my person repository, so that when I go to that person, it pulls that image for me there. So that looks good. I think let me rerun that and quickly test it. This time when I test it, though, I'm going to do it in a Burp Suite browser, because I've got a feeling. I've got this horrible feeling, Liran, that you're going to tell me it's insecure in a second. So let me do that again and see what happens. Okay. What's my password? Oh yes. See, that's why it's good to have bad passwords. Okay. Go to my profile. Let's upload, choose file. That file is Simon Maple, simon-maple.png, I think it is. Let's open that. Let's click upload. Right. It provides me with that success message saying uploaded images. If I go to my profile, there I am. Wonderful. No, it works. This works. And in fact, if I go over to my HTTP history, I can even see the request and response that get sent. And I can see my file name that I send. That's my original name. And I can see the file that I sent. So tell me there's nothing wrong with this, Liran. I'd say it's amazing. It doesn't look like anything's wrong. Just use it, push it to production. Do you want to do that? Or maybe let's talk about it for a second. Well, let's talk about it. Let's talk about it. Give me a code review. Yeah. Okay. Cool. So by the way, feel free to chime in, you folks with us in the chat, with any input you have on this. It looks to me like maybe we're writing files not in the right place, but let's go and try maybe something else with Burp.
Let's actually try and hack it and see through that, and learn what was actually going wrong here. What do you think about that, Simon? Do you want to try that? Yeah, that sounds good. That sounds good. Do we want to test first or do we want to try and hack? Let's try and hack it. Okay. Okay. Cool. So what could we do? So you have this upload request you sent. And we can see, if you can highlight the file name, Simon Maple, there in the request. So we can see that the file name itself has been passed to your function and it actually, based on this, saves it on disk. Now, what we want to do is maybe we are able to now write to different files on the server, not just in the upload directory, but maybe somewhere else. So what we could do is, if you want to go back to the web app itself, we're going to try and maybe find if there are some interesting files there. This is a static image on the top left of the coffee shop. There's like a Snyk logo. This one? Yeah. Let's copy the image address there. So maybe we can overwrite your picture with that one instead. And you'll be the CEO of Snyk at this point. So let's do it here. What you want to do on the request itself, if you copy this image... Yeah, that seems to be okay. Go back to Burp Suite. And yeah, you need to not place it here, but actually right-click that. Yeah. Send it to the Repeater itself. And then in my Repeater, now I can edit this. That's what I do. That's a Burp Suite feature to allow us to replay requests back again with all of the cookies and everything saved. So we can save it here. Yeah. You don't need the whole localhost, because it's just a file name, but we do want to maybe use a dot dot slash path traversal kind of notation, because we want to go outside of the current directory into the top one. And I think you need to just move that. Is that on the same line itself? It is. Yeah.
I just don't know if I do that. Oh, there we go. Yeah. Make sure that it doesn't have a carriage return or a line feed. That looks okay. So we're basically now... your code, if you send it, let's see what happens. So it's upload success. But yeah, to a different place. And if you go to the top, yeah, HTTP 200, that looks okay. In terms of the hack itself, it actually worked. And if you refresh this page, maybe we'll see your picture there instead of the Snyk logo. Oh, no. There we go. I'm famous, Liran. Yes. Like I said, the CEO of the coffee shop and Snyk. But go back to the IDE here. And I think that maybe you could have used this whole thing by yourself and you would not really need me to explain to you what was going on here. Do you want to show us why? Yeah. Okay. Ah, so this is using Snyk in the IDE. So what I can do from here is I can quickly scan the code here and see if there are any vulnerabilities that exist in my code. And you can see this is the list of all vulnerabilities per file, or per Java class, in my workspace here. And you can also see the squiggly lines in the IDE itself. So as I'm writing code and testing, it can identify. Red's bad, or it's always bad, isn't it? Let's take a look. If I open this, there's a path traversal. Okay. Now we see a similar thing to what we did in the UI, right? We have something coming in, which in this case is a file. This is my user input, right? And it says here: unsanitized input from an HTTP parameter flows into Files.write, where it is used as a path. This could be a path traversal, which is exactly what we showed in the demo. So that path comes across here. Well, that file comes across here. That is then polluting the name variable. That then pollutes the file name and path, because that's concatenated there. And it's the file name and path which then gets passed to the write. So this is the piece that is being polluted.
Right. Yeah. I think that's where things go bad. So maybe what we should actually do is... I mean, Copilot was helpful again in helping us code this, but unfortunately this ended up being insecure code that it suggested. Yeah. You're going to like the suggested fix by Snyk here, which is really cool, because we can see what's the idea of how to fix it. So we need to use something like getCanonicalPath and some validation being done on the file path itself before we write to it, to make sure that it's in an allowed path, like a scoped directory that is allowed to be uploaded to. So you want to use maybe, I don't know, GitHub Copilot prompts to ask it to validate or something like that. So I'll say file name and path is vulnerable. It's not vulnerable. Maybe it was not vulnerable. Yes. Vulnerable to path traversal. I like that. Okay. That's it. Thank you, Liran. Maybe just to validate. Maybe test, remove test and use validate. Let's try this. I mean, this is not deterministic, so we don't really know what's going on. Okay. What happens if you use that then and try more, but it completes more. Maybe what I would say is: validate file name and path is not vulnerable to path traversal. There we go. Let's see what we have here. So, if file name and path to file, so that gets me the file, get the canonical path of that file, make sure it starts with the upload directory. So what we're saying is, once we've done that concatenation, does it start with the upload directory? So is it in the directory? Or at least this is saying, does the directory I'm putting it in start with the upload directory? The other thing that Snyk is showing here is it wants it to also make sure it is that exact directory. So plus file separator. I'll add that update there if that's okay. And if it does not start with that, then pass back an error and return this person upload.
And then if we've passed that, then do the file write. So I'm going to hit save. So here you can see UploadController here is obsolete, because we've made changes to it. But let's see, we have six vulnerabilities here and UploadController is one of them. Let's delete that, rerun that, and let's test if that vulnerability still exists. There you can see we're back down to five, and no directory traversal vulnerability in this list as well. So, amazing. And I know what you love most about this, Simon. Go on. There's Java. You found it. Yeah, it's Java, but it's not the idea, right? You don't need to wait for the CI to finish. Now I can go ahead and commit and push, and the vulnerability doesn't even make it into my repo. So as a developer, I'm doing this at the speed at which I want to test locally, and I'm coding locally. So this is much nicer for me from a dev point of view. 100%. Cool. So ship it. Let's go back here. AI stranger danger. Ship it. Done. What's next? Amazing. Okay. Let's go ahead and customize those product pages so that we can actually navigate to them and not just search for them. We want to see the product details themselves. We want to be able to do that from within the actual product table listing thing. So let's go back to the code. Okay. So actually there's one thing I can do here, which is very, very quick. And actually I did notice someone had already done part of this for me already. Let me go back to IntelliJ. And what you'll notice is in that table, I did use something called the products table. There we go. Now in this products table, I did notice someone had half done it. I think it was a JavaScript developer or someone, because it was only half done. Here we go. Where we see the name passed in, this one, let me comment out that and comment in this one instead. This one, you'll see the name actually now has a direct link. It's an anchor tag in here. 
And it direct links me out to a new page, or a new endpoint called direct, which takes in param as a request parameter. It uses the product name. And what it effectively does there under the covers is then pull out data from that product and give me a unique page. So let me save that, reload that in, hopefully, there we go, and come back here. And when this loads, give it a quick second. There we go. When that loads, you will see now each of these have their own lovely little links. And if I click on this, let's say Morning Look, if I click on that, we see the direct param taking in my product name. And then it does a pull directly from the database, pulling all the information. So that's pretty much done, right? You wish. What's wrong? So, I mean, if we've learned anything, it's that user input is dangerous. And it looks like there's user input there: the parameter, the query parameter called param, having a value of Morning Look, flows back into the page itself, where it's actually rendered in JavaScript. So that gives me the idea of, like, you know, if I wanted to exploit this, I might set that to some JavaScript code, like, you know, script alert. Go ahead and maybe add that. Oh, I need to do another script here. Correct. Open the tag. Close it. Alert. Something like this. That makes sense. Yeah, that works. Oh, no. Bad. Because we were able to basically execute JavaScript on the page, right? So we could steal the cookie and do those, you know, very dangerous things, like steal the cookies, send them somewhere else with network requests, and all of those things. So we have a cross-site scripting here. It's a safe run. This is only running on my machine, because if I come back here, this is always the product name. Mm-hmm. Amazing. Unless... 
Someone can change the product name, which, like they did before in the previous SQL injection here, I might be able to say: update the product, set product name equal to the script alert one script, where ID is a specific thing. So what that would do is change this to be that alert one. And anyone who clicked that would then get that alert popping up, potentially taking their session data and sending that to a malicious server or something like that. That's exactly what attackers do as well, right? It's not a single hack. It tends to be one hack after another hack after another hack. And there are many vulnerabilities that will get an attacker to that data. Right. And I think not many people would know what to do here. So maybe they would venture into a different AI and try to review the code with a different kind of AI or an LLM, to understand maybe what is going on here, because they may not be entirely sure what is wrong with the code that they use, right? Absolutely. And this is my code, right? And I can see what I'm doing here as part of this request. I pass in my request parameter, param, into this build product page, which then uses the product name, description and all that to build this out as direct HTML. And it writes both the product name and all of these out to the database. I guess this is missing validation as well, right? And if I take a look at this, this is exactly what Snyk is picking up here. Now, what I could do, of course, is I could send this directly to ChatGPT and say, "Is this code ready for production, ChatGPT?" And I pasted all my code in, including this build product page passing this in. And it tells me, well, the code, what did I say? Is it production ready? "Is this code ready for production?" And it gives me a ton of quite generic information, really, saying error handling, security, ensure proper security measures are in place, implement authentication and authorization. 
So a little bit later, after all, it sends me a ton of stuff. I say, "Tell me more about security. Is the code secure?" And it gives me various things. It does mention cross-site scripting. And it does say the code generates HTML manually in the build product page method. And that's really interesting. So I dig a little bit deeper in there and say, "Is there any cross-site scripting problem in this code?" And let's have a look at what it says. Well, it says in the build product page, we do have a push out to production, sorry, out to that page, whereby we're writing various pieces of the object directly to that page. But it actually missed the biggest one. It missed the one which is actually coming from that user input. The one coming from user input is this product name, right? And the product name here gets passed in as a parameter here, from here. So in fact, I can click through here. The param goes through the build product page, into build product page, and then out to the writer.write. So why could ChatGPT not pick this up? And the reason, of course, is ChatGPT doesn't understand my code. It doesn't understand the code flows. When we pass something through this method, when it changes its name from param to product name, it has no idea, right? Because it doesn't understand these data flows. And so as a result here, it doesn't understand that this is user input. So very, very interesting. So I say, "I need to defend against this." And it tells me exactly how I, as an attacker, should set up my server and send requests, passing a document.cookie from my page over to my malicious server. So this is the script ChatGPT is suggesting I send. Of course, I asked for it to say, what would I need to do to defend against this? Very, very interesting that ChatGPT sends this. Anything you want to add there, Liran? No, nothing here. 
I mean, there's the issue, of course, of just generally speaking, the fact that you actually had to send your code over. So I'm pretty sure you'll kind of cover it, talk about it. But that's probably not the best practice to do. We don't want to share things like private intellectual property and things like that. Absolutely. Yeah, no, this is something which, of course, many, many people think is safe, or sometimes not. No, it's not safe, but they want something, they want some output from ChatGPT, and so they just send snippets and things like that. But yeah, this is obviously sharing out our IP and our sensitive data, which is something I don't want to do. Yep. OK. So let's wrap up. Absolutely. Implement this. We have shipped. The ship-it squirrel and the success. Amazing job, Simon. Thank you. Thank you, very, very good. OK, so just a few slides to go. And if there are any questions, by the way, feel free to drop them into the Q&A. And Liran, maybe you can start monitoring that in the last few slides. We have a couple of those. We have a couple already, wonderful. So yeah, feel free to add any questions into the Q&A and we'll go through those in just a second. But from a learnings point of view, how do we approach AI-assisted development from a secure point of view? The first thing, really, when you are allowing your development teams to use generative AI and to use AI-enabled code completion, is that education and awareness are absolutely core. First of all, saying what you are and aren't allowed to use, what you can and can't do, particularly from an IP point of view and just a product point of view. Are you allowing Copilot use? Are you allowing ChatGPT? And is it the ChatGPT that is enterprise-ready, that allows no training off of it, and the SOC 2-style compliant environments and deployments? So focus on security vulnerabilities, focus on IP data, focus on hallucinations and things like that; get people aware of these kinds of things. 
And secondly, human interaction is important, whether through automated tooling, or through validating that third-party libraries that AI is suggesting for you actually are real. Don't trust; make sure everything is verified and validated, whether through a tool like Snyk, where it's automated into the IDE, the Git repo, the CI, or whether it's a code review. Make sure you have good policy and policing to make sure that whatever is generated goes through these levels of testing. And make sure that what you use to test is fit for purpose. ChatGPT and things like that might look like they're good, but they don't understand the code. Make sure you use something that understands the data flows, the flow of control through the programs and things like that. SAST tools do this very, very well. And for some further reading, there are a couple of best practices or cheat sheets that I wrote, one around securely developing with AI, both from the AI-assisted development side, as well as applications, as well as the AI models themselves. And the second one here on the right-hand side is a top 10 which OWASP created around securing LLMs themselves. And this goes through everything from prompt injection to denial of service, supply chain, particularly around training data and things like that. There's a huge amount there, and this is a cheat sheet that I wrote for that as well. If you saw Snyk and you'd like to try this, you can try it for free as well. This is Snyk Code, which we showed. We obviously also test things like open source code, open source libraries. We also test infrastructure as code and containers as well. This was just one piece that we showed today. And yeah, feel free to try that out. It's free for use, as well as paid plans as well. And you can try out the Snyk extensions in the IDE. I used IntelliJ. We support the JetBrains group of IDEs as well as others, including VS Code, Visual Studio, Eclipse and many, many more. So feel free to try that out. 
And yeah, thank you very, very much for your attention. And please do add your questions in. Any questions that you have? Yeah, we've got a couple of those here. Okay. Let me read through one of them. So that's for everyone too. "For existing code bases, AI can have a hard time ingesting, in my experience, which overwhelms it. Using it to create new code seems easier on the whole, but that's not most projects we encounter. So the question being, how have you worked with existing large projects and used the power of AI moving forward?" Yeah, this is a great question. It's all about context, right? And I think with various different tools and AI generation tools, sometimes the more information you give it, the harder it will find it to actually pick out the relevant pieces. I know there are certain different amounts of context you can create. In fact, some of the announcements with ChatGPT: OpenAI just recently talked about GPT-4 Turbo and things like that. It has a much greater context, in fact, much greater amounts of code that it can ingest. One of the ways Copilot works is using neighboring tabs, which doesn't necessarily learn context around everything in your project, or everything in your Git repo certainly. But what it looks at is also what tabs you have open, and it can learn from that in terms of providing you with a better-fitting, more relevant code suggestion for your project. So yeah, I would say that's probably still one of its weaknesses, in terms of being able to provide context-relevant advice, but it has got a lot, lot better. I think in terms of Copilot, I saw on a newsgroup somewhere someone said, I think it was one of the community leads, said when they use neighboring tabs the number of accepted suggestions almost doubled. So this is a really relevant piece for them. Anything you want to add on to that as well, Liran? No, I think that kind of nails it. 
I also think I would see code tools like GitHub Copilot as assisted development, rather than ingesting tens of lines, hundreds of lines of code of a code base and telling you what to do. It's more like you want to implement something, you want to change, refactor, fix, write a test. And it's still very scoped, even if you have, if there are some adjacent files, then you open them in different tabs, like Simon would say. All right, awesome. Next question. "Does Snyk check for things such as uploading an image without stripping the metadata, for example location or owner, or is this too implementation-dependent?" Yeah, no, great question. Sorry, did you want to take that one, Liran? I was gonna, I don't think we do. Yeah, my thinking is we don't specifically look at these kinds of business logic things, like, you know, if you are stripping a location, owner, or whatever other header or metadata you have. But for example, what we might catch is if you are extracting it and you're using the image metadata, like location, and then passing it over to save that in the database, or running a process, like a command process that you spin off based on that location or owner or something from the image, then that data is passed through. This is basically the source-to-sink problem that we've seen with SQL injection. And those we are more likely to actually catch. You can actually even write, you can kind of program the Snyk Code things with your own policies, and like how to, you could actually have those in place if you wanted to. So that's right. That's like, even if you wanted to add business rules, which I think is less common to do, but you could probably do that as well. Yeah, absolutely. Custom rules is absolutely a thing. Yeah, I think you're absolutely right, Liran, with the source and sink. So what we would do is we would recognize, if you're pulling metadata from a user-provided file, that file is user input. 
So if you're pulling metadata, that is user input, but we'll only flag it if it gets to a sink point whereby something can be exploited if there is no sanitization between the source and sink. So yeah, that's what we do; everything else is more almost like a quality or a best-practices-style policy, maybe, that you would want to add in another way. But from a security point of view, it's only insecure when you hit the sink point. And a question just came in, Liran: "Is it possible to use the free version of Snyk integrated with an IDE like Visual Studio Code?" And yeah, absolutely. You can, I think it's free for all, as long as you just create yourself a free account on our freemium tier, and it's not a trial, it's a freemium tier account. And then yeah, just go download your Visual Studio Code, your VS Code. In fact, it's... Yeah, get the extension from the marketplace, from the IDE itself. Yeah, this one is the VS Code one. So yeah, just go to the marketplace, grab the Snyk Code extension, you'll need to auth, that'll be your auth key, and it's from your freemium install. And yeah, yeah, good to go. You can start testing straight away. Sounds amazing. Simon, I have one last question, that is, where do I get a pin to put, like, here, for like a Java developer, after I've done this session with you? Where do I get that? Where do you get what, sorry? I need a pin on my shirt that says "Java developer", that I'm now certified after I've done this session with you. Do you know the pin? It's actually, you know, to have a clothing pin, that's very materialistic. What you have now, Liran, is a pin in your heart, and that tells you truly you are a Java developer. So put the JavaScript behind you now, Liran. Thank you so much. You're a converted Java developer now, and it's a pleasure to have you on the, is it the dark side? Is it not the dark side? I don't know, but yeah. Bye bye, JavaScript. Wonderful, absolutely. Well, thank you very much, Liran. 
It's been a great pleasure chatting with you, and thank you everyone for both contributing on the chat and the Q&A. And we'll pass over now back to the Linux Foundation. Thank you so much, Liran and Simon, for your time today, and thank you everyone for joining us. As a reminder, this recording will be on the Linux Foundation's YouTube page later today. We hope you join us for future webinars. Have a wonderful day.
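The two fixes the demo walked through, the canonical-path check for the upload handler and output escaping for the product page, as one self-contained Java example. This is added illustration, not the webinar's coffee-shop code or Snyk's suggested fix verbatim: the class and method names, the temporary upload directory, the minimal page builder and the sample inputs are all assumptions made here, and the Spring controller wiring the transcript refers to (UploadController, the direct endpoint) is not reproduced. Each vulnerable method is kept next to its hardened form so the difference in behaviour is visible on the same input.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example (not the webinar's project code): the path traversal and
// cross-site scripting fixes discussed in the session, side by side.
public class CoffeeShopHardening {

    // Vulnerable, as the demo showed: the name from the HTTP parameter is
    // concatenated onto the upload directory, so "../static/logo.png" walks
    // out of it and overwrites the site logo.
    static File unsafeUploadTarget(String uploadDir, String userFileName) {
        return new File(uploadDir + File.separator + userFileName); // deliberately unsafe
    }

    // Hardened: canonicalise both the base directory and the resolved target
    // (this collapses ".." and follows symlinks), then require the target to
    // start with uploadDir plus File.separator. The separator matters: without
    // it, "/srv/uploads-evil/x" would pass a prefix check for "/srv/uploads".
    static File safeUploadTarget(String uploadDir, String userFileName) throws IOException {
        File base = new File(uploadDir).getCanonicalFile();
        File target = new File(base, userFileName).getCanonicalFile();
        if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            throw new IOException("rejected path traversal attempt: " + userFileName);
        }
        return target;
    }

    // Minimal HTML escaping, safe for text content and double-quoted attributes.
    // In a real app use the templating engine's escaping or a maintained library;
    // this hand-rolled version is here only to keep the example dependency-free.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable: the product name that arrived as ?param=... (or was planted
    // in the database via the earlier SQL injection) is written straight into
    // the markup, so a name of <script>alert(1)</script> executes in the browser.
    static String unsafeProductPage(String productName, String description) {
        return "<h1>" + productName + "</h1><p>" + description + "</p>"; // deliberately unsafe
    }

    // Hardened: every untrusted value is escaped at the point it enters HTML.
    static String safeProductPage(String productName, String description) {
        return "<h1>" + escapeHtml(productName) + "</h1><p>" + escapeHtml(description) + "</p>";
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs for the demonstration; no real coffee shop involved.
        Path uploads = Files.createTempDirectory("uploads");
        String traversal = ".." + File.separator + "logo.png";

        System.out.println("unsafe resolves to: "
                + unsafeUploadTarget(uploads.toString(), traversal).getCanonicalPath());
        try {
            safeUploadTarget(uploads.toString(), traversal);
        } catch (IOException e) {
            System.out.println("safe: " + e.getMessage());
        }
        File ok = safeUploadTarget(uploads.toString(), "avatar.png");
        Files.write(ok.toPath(), "not really a png".getBytes(StandardCharsets.UTF_8));
        System.out.println("safe wrote: " + ok);

        String payload = "<script>alert(1)</script>";
        System.out.println("unsafe page: " + unsafeProductPage(payload, "Morning blend"));
        System.out.println("safe page:   " + safeProductPage(payload, "Morning blend"));
    }
}
```

Running it prints the unsafe upload path resolving to logo.png one level above the temporary upload directory, the hardened check rejecting the same name, and the product page rendered once with a live script tag and once with it neutralised to &lt;script&gt;. The canonical-path check is the same shape as the fix accepted in the demo; the escaping is the missing piece that ChatGPT's generic review did not trace back to the request parameter.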