New Absolute AppSec course! Dec 2 & 3 Held **VIRTUALLY** by Seth Law and me. Check the comments for the registration link!
About us
Security testing made awesome for Developers
- Website: https://dryrun.security
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: Austin, TX
- Type: Privately held
- Founded: 2023
- Specialties: Security Testing, Security for Developers, Node.js Security, Node.js, Express, Remix, Sails, Node Express, Node Security, DevOps, DevSecOps, AppSec, Application Security, and API Security
Locations
- Primary: US, TX, Austin, 78758
Updates
-
Tomorrow is the day Ken Johnson, Co-founder and CTO of DryRun Security, shares our journey of leveraging Large Language Models (LLMs) for application security. Discover how we're moving beyond traditional static analysis to find nuanced security issues in code. In this session, you'll learn about the challenges we have faced, the lessons we learned, and the innovative methods we've developed. Bring your questions for the live Q&A after Ken’s presentation! Nov. 14, 1pm EST. If you haven't registered yet, there's still time: https://lnkd.in/gBPSPmSC This webinar is part of a series titled AI-powered AppSec. Follow us here to stay up to date with our latest sessions from the series. #AI #Cybersecurity #LLM #ApplicationSecurity #Innovation
-
Life teaches us lessons… we’re sharing ours from our journey with LLMs and AppSec at DryRun Security. Join us on Thursday for a virtual session where Ken Johnson will share pitfalls and learnings and take questions! Link to register is in the comments.
-
SAST and, really, a large swath of AppSec, use scare tactics and FUD to get adoption. However, modern leaders have realized this isn't the approach that moves the needle. So, there's been a doubling down on security champion programs to foster developer engagement, secure by default in lang/frameworks, paved paths for deployment, ... Well, the new trend, as I am sure you know, is leveraging AI and LLMs for appsec tasks. DryRun Security is changing the name of the game for SAST, so it's not just pattern-matching scare tactics, but using contextually relevant analysis on every code change to deliver meaningful guidance to developers and insight to appsec engineers. Over the last year of building the product, we've learned a ton about LLMs and AI for AppSec. This week, Ken Johnson, CTO of DryRun Security, is hosting a webinar where we'll cover our journey and the lessons we've learned along the way. You should join us for the conversation! Whether you're exploring AI for AppSec for the first time or you've already been experimenting, this talk will help you avoid common pitfalls and get up to speed faster. Please sign up and bring a friend; it's free! Sign up here > https://lnkd.in/gjX3vgTX
-
One area where LLMs truly shine is their ability to summarize the behavior of code. With the right setup, they can provide a clear, high-level understanding of what code is doing, which can be incredibly useful for spotting behavioral anomalies. This is just one of the many learnings we've had at DryRun Security over the last year. Want to hear more? Sign up for our free webinar where DryRun Security CTO Ken Johnson shares more. https://lnkd.in/g8UPnzCj
-
UPDATE: This online course has been moved to December 2nd and 3rd. Please update your calendars or register now if you're interested in Harnessing LLMs for Application Security.
Ken Johnson and Seth Law have developed "Harnessing LLMs for Application Security", a new stand-alone course for infosec professionals who’d like to incorporate #AIagents and other #LLM technologies into their day-to-day workflow. The course is being offered for the first time online on ~~November 7-8~~ December 2nd and 3rd. Harnessing LLMs for #AppSec grew out of Seth and Ken’s Practical Secure Code Review course that has incorporated LLMs into the Absolute AppSec methodology for #SecureCodeReview because some students found the information covered in the new incarnation of the Secure Code Review course regarding the use of LLMs to be both valuable and worthy of a special focus on its own. To meet that demand then, the objectives of the new course include:
- Understanding #Langchain and #PromptEngineering
- Getting familiar with LLM types, and exploring which options can best help perform AppSec-related and other tasks.
- Hands-on techniques like Retrieval-Augmented Generation (RAG) and Few-Shot Prompting for secure code analysis and threat modeling.
- Integration of AI into security tasks to identify vulnerabilities and improve overall application security.
- How to fine-tune AI agent interaction so you improve the results you see.
To register for this training and to get more information on Seth and Ken’s courses, check out the Absolute AppSec training site https://lnkd.in/gpdQQxbW. For this training, the course overview can be found here: https://lnkd.in/g9WZkPqV
-
Join Ken Johnson, Co-founder and CTO of DryRun Security, as he shares our journey leveraging Large Language Models (LLMs) for application security. Discover how we're moving beyond traditional static analysis to find nuanced security issues in code. In this session, you'll learn about the challenges we have faced, the lessons we learned, and the innovative methods we've developed. Bring your questions for the live Q&A after Ken’s presentation! Nov. 14, 1pm EST. Link to register is in the comment. This webinar is part of a series titled AI-powered AppSec. Follow us here to stay up to date with our latest sessions from the series. #AI #Cybersecurity #LLM #ApplicationSecurity #Innovation
-
Name a major credit card breach where the organization wasn't PCI-DSS compliant... Some call the process of passing audits "security theater"; however, that's a bit too derogatory for my taste. I am only suggesting that compliance is not the indicator of successful defense that many in the security industrial complex would have you believe. There are two areas I like to focus on for defense: code-merge time and runtime. This is why Ken Johnson and I started DryRun Security, and why other Signal Sciences alumni started Impart Security and RAD Security. If you haven't checked out DryRun Security, I'd love to show you how we're changing code security testing so you don't have to use outdated pattern-matching tools to build a successful appsec program. (I'm looking at you Veracode and Checkmarx!)
-
After a year of exploring Large Language Models for Application Security, we’re sharing our journey with you including what has worked—and what hasn’t. There are 7 key lessons that we’ve learned through this process: 1. Choose the right LLM for the task. 2. Ask the right questions. 3. LLMs don’t have all the answers, but they can learn. 4. Robust testing is essential. 5. LLMs excel at summarizing behavior. 6. Combining deterministic and probabilistic methods works best. 7. Agent-based execution enhances LLM performance. We also share some problems we’ve encountered. Stay tuned for more insights as we delve further into the world of LLMs for AppSec! Link to the post in the comments #AI #AppSec
-
Will you be at #LASCON 2024? If so, don't miss James Wickett's session: Perspectives on Application Security and AI. You’ll learn different perspectives on where AppSec and AI streams overlap and prove fruitful, as well as introductions to tools, frameworks, prompt techniques, and more. It's happening Friday, October 25 from 1-1:50pm. Add it to your schedule at https://lnkd.in/g6HWb6Gg