QonfX 2024 - Vandana Verma

'QonfX 2024' - Esteemed Speaker

Vandana Verma

Security Relations Leader at Synk

Deep Dive into AI Security

Explore how AI-powered coding tools can accelerate your project delivery while also posing security challenges. Join us for an engaging session where we’ll leverage GitHub Copilot and ChatGPT to swiftly develop a demo app and then demonstrate how the generated code may be susceptible to exploitation.

During this session, you’ll:

  • Gain an understanding of AI’s role in development and prevalent security risks associated with AI-generated code.
  • Utilize GitHub Copilot to construct a demo app for a coffee shop, featuring a dynamic homepage, searchable products, and personalized user profiles.
  • Identify and exploit vulnerabilities in AI-generated code, such as SQL injection, cross-site scripting, and directory traversal.
  • Acquire effective strategies for mitigating and rectifying these vulnerabilities within the generated code.

By the session’s conclusion, you’ll have built a functional demo app, successfully identified and resolved at least three vulnerabilities, and obtained valuable insights into secure usage of generative AI coding tools.

Key Takeaways:
  • Holistic Testing Approach
  • Working with the Complexity of the
  • Components Robust end-to-end experiences
  • Focus on Real-World Implementation
  • Driving Successful Adoption

About Speaker

 


With over 17 years of experience in the cybersecurity industry, Vandana is a Security Relations Leader at Snyk, a leading cloud-native application security platform that helps developers find and fix vulnerabilities in their applications and containers. She works with the developer and security communities to raise awareness, educate, and enable them to build secure software faster and better.

Vandana is also a member of the OWASP Global Board of Directors, where she contributes to the development and promotion of open-source security standards and best practices. As a passionate advocate for diversity and inclusion in cybersecurity, she leads and supports various initiatives such as InfosecGirls, WoSec, and InfosecKids, aiming to inspire, educate, and empower the next generation of security professionals. She is also a frequent speaker, trainer, and mentor at various global and regional events, such as Black Hat, Global AppSec, Grace Hopper, and BSides. She has received multiple awards and recognitions for her leadership, influence, and innovation in the security field.

Click here to visit the Main Event Page