Dragan Pleskonjic is the Senior Director of Application Security at IGT (formerly GTECH). In his current role, he directs, coordinates, and oversees application security efforts at the global organization level. Dragan is a well-known expert and influential strategic thinker in the areas of information security, privacy, machine learning (ML), and artificial intelligence (AI). He is an experienced leader and has held top positions at international companies, working with clients and partners from various sectors worldwide, including finance and banking, technology, telecommunications, services, lotteries, gaming, education, government, and others. He has rich experience in creating and managing start-ups and in new business development, and has proven leadership and talent for creating, managing, and organizing successful teams. He has initiated and held leading positions in a number of industry projects, as well as in research and development projects. Dragan is an adjunct professor for various cybersecurity and computer science courses. He is the author of ten books so far, including university textbooks on topics such as cybersecurity, operating systems, and software. Dragan is an inventor with a set of patents granted by the USPTO and also by the CIPO, EPO, and WIPO patent offices. He has published more than seventy scientific and technical papers at conferences and in journals. His current research and development focus is intelligent predictive security (INPRESEC), exploring the paradigm shift in information security and privacy with artificial intelligence (AI) and machine learning (ML). Dragan is the initiator and founder of the INPRESEC project and solution, as well as the Glog software security solution, Security Predictions, and many other products, solutions, and projects.
For more information, please visit:
• Personal Website https://www.dragan-pleskonjic.com/
• LinkedIn profile https://rs.linkedin.com/in/draganpleskonjic/
ABSTRACT Once, the security problems of computer systems and networks were the concern of the military, diplomacy, the police and governments. Now they are becoming a problem for everyone who performs banking transactions from their account or shops over the Internet. Attackers have numerous advantages, the greatest of which is the possibility of surprise, i.e. the ability to choose the time, place and manner of attack. Those charged with defending systems must always be ready, at every place and for every manner of attack. This comprehensive, clear and systematic book is devoted to the basic theoretical and practical concepts of information and communication technology security. It explains threats, attacks and dangers, as well as the methods, procedures and products that serve for protection. It is suitable both for beginners and for advanced users, for programmers, administrators, designers and other professionals in this field. It is a true textbook for students and pupils studying this field at faculties and in schools. It is also intended for the management of companies whose business relies on computer systems and networks. Theoretical explanations and practical examples are structured so as to gradually introduce readers to individual areas of security, explain basic security services and protection mechanisms, and train them in how to protect their computer, network, source code or database. Put simply, the authors' goal is to teach readers how to protect their own assets, not to attack others'.
ABSTRACT The first book in our language devoted to the basic theoretical concepts of operating systems and their connection with practice. The book introduces readers to the fundamentals of modern operating systems, clearly defining the concepts and algorithms used in designing their individual parts. It can be said that this book represents an attempt to demystify operating systems, without detailed analysis and interpretation of source code. Besides the theoretical foundations, the book also describes practical implementations of well-known operating systems: Windows, Unix/Linux and Mac OS. It contains illustrations of important principles and algorithms applied in realizations of operating systems. At the end of each chapter, questions and exercises are given. It is primarily intended for students, and is also suitable for beginners encountering this material for the first time. It can also be used by programmers, system administrators, engineers, as well as ordinary computer users who wish to learn more about how operating systems work.
Viša elektrotehnička škola, Belgrade, 2006, ISBN 86-85081-16-5, book (textbook)
Viša elektrotehnička škola, Belgrade, 2006, ISBN 86-85081-49-1, book (textbook)
Viša elektrotehnička škola, Belgrade, 2006, ISBN 86-85081-55-6, book (textbook)
Viša elektrotehnička škola, Belgrade, 2004, ISBN 86-85081-03-3, book (textbook)
Viša elektrotehnička škola, Belgrade, 2004, ISBN 86-85081-10-6, book (textbook)
Viša elektrotehnička škola, Belgrade, 2005, ISBN 86-85081-15-7, book (textbook)
Borislav Đorđević, Marko Carić, Dragan Pleskonjić, Nemanja Maček, Visoka škola elektrotehnike i računarstva, Belgrade, 2007, ISBN 978-86-85081-94-1, book (textbook)
Borislav Đorđević, Marko Carić, Dragan Pleskonjić, Nemanja Maček, Visoka škola elektrotehnike i računarstva, Belgrade, 2007, ISBN 978-86-7982-009-9, book (textbook)
While a player is playing one game on a gaming machine, the systems and methods described herein recommend other games to the player based on the player's real-time game play, if the player is anonymous. Upon the player selecting a different game, the system may automatically transfer the player's credits between games or gaming machines. Each gaming machine may carry out one or more games.
Research Interests: Online Gaming and Gaming
A mobile gaming device may be a player's own personal tablet, smartphone, PDA, etc., with an application program installed via the internet for carrying out a remote gaming session. All gaming functions are carried out by a stationary gaming terminal communicating with the mobile device, such as by using WiFi. The mobile device operates as a user interface. For 3D images, the original format may be adjusted for the mobile device.
A mobile gaming device may be a player's own personal tablet, smartphone, PDA, etc., with an application program installed via the internet for carrying out a remote gaming session. All gaming functions are carried out by a stationary gaming terminal communicating with the mobile device, such as by using WiFi. The mobile device operates as a user interface. If the communications link is temporarily broken during a game, the mobile device will create the appearance that the game is continuous, such as by continuing to spin reels, until communications are re-established. The reels will stop once the mobile device receives the final outcome from the gaming terminal. The player may pause the game to temporarily suspend the minimum game frequency rules. The mobile device may switch between gaming terminals. For 3D video, the original format may be adjusted for the mobile device. The gaming terminal may be a gaming machine.
A mobile gaming device may be a player's own personal tablet, smartphone, PDA, etc., with an application program installed via the internet for carrying out a remote gaming session. All gaming functions are carried out by a stationary gaming terminal communicating with the mobile device, such as by using WiFi or other wireless protocol. The mobile device operates as a user interface. While the player is playing one game on the mobile device, the venue's system recommends other games to the player via the player's tablet either based on the player's past gaming history, if the player used a player tracking card, or based on real time game play, if the player is anonymous. Upon the player selecting a different game, the system automatically transfers communications to a different gaming terminal and transfers the player's credits. The gaming terminals may be gaming machines, where each gaming machine carries out a different game.
While a player is playing one game on a gaming machine, the systems and methods described herein recommend other games to the player based on the player's past gaming history, accessed via player registration, and the player's real-time game play. Upon the player selecting a different game, the system may automatically transfer the player's credits between games or gaming machines. Each gaming machine may carry out one or more games.
A mobile gaming device may be a player's own personal tablet, smartphone, PDA, etc., with an application program installed via the internet for carrying out a remote gaming session. All gaming functions are carried out by a stationary gaming terminal communicating with the mobile device, such as by using WiFi. The mobile device operates as a user interface. If the communications link is temporarily broken during a game, the mobile device will create the appearance that the game is continuous, such as by continuing to spin reels, until communications are re-established. The reels will stop once the mobile device receives the final outcome from the gaming terminal. The player may pause the game to temporarily suspend the minimum game frequency rules. The mobile device may switch between gaming terminals. For 3D video, the original format may be adjusted for the mobile device. The gaming terminal may be a gaming machine.
A mobile gaming device may be a player's own personal tablet, smartphone, PDA, etc., with an application program installed via the internet for carrying out a remote gaming session. All gaming functions are carried out by a stationary gaming terminal communicating with the mobile device, such as by using WiFi. The mobile device operates as a user interface. The games involve a plurality of players.
While a player is playing one game on a gaming machine, the systems and methods described herein recommend other games to the player based on the player's real-time game play, if the player is anonymous. Upon the player selecting a different game, the system may automatically transfer the player's credits between games or gaming machines. Each gaming machine may carry out one or more games.
A mobile gaming device may be a player's own personal tablet, smartphone, PDA, etc., with an application program installed via the internet for carrying out a remote gaming session. All gaming functions are carried out by a stationary gaming terminal communicating with the mobile device, such as by using WiFi. The mobile device operates as a user interface. Registration for the mobile device may be via a registration terminal connected in a network with a plurality of gaming terminals. The mobile device may communicate wirelessly with the registration terminal, and the registration terminal then communicates with the played gaming terminal via the network. The mobile device may select to play games offered by any available gaming terminal. The gaming terminals may be gaming machines. The registration terminal may also be a cashing out terminal and print a ticket.
A method of installing hardware and corresponding software comprising the steps of initiating the installation process for a hardware element having corresponding software, monitoring the operating system for commands which require user intervention, analyzing the commands received from the operating system, and responding to the commands received from the operating system without requiring user intervention. The invention further comprises an installation script for use in association with a computer and an associated hardware element or software element. The script comprises a monitoring mechanism, an analyzing mechanism and a responding mechanism. The monitoring mechanism monitors a request for user intervention by an operating system. The analyzing mechanism analyzes the request to determine a response to it. The responding mechanism responds to the request without substantially requiring user intervention.
Research Interests: Computer Science, Computer Architecture, Distributed Computing, Computer Networks, Cryptography, Encryption, Network Management, Control Systems, Computer Network, Protocols, Data Security, Environment and Development, Heterogeneous Computing, Gateway, Communication Protocol, Network Architectures, and Network Protocol
Research Interests: Artificial Intelligence, Machine Learning, Network Security, Wireless Sensor Networks, Applications of Machine Learning, Anomaly Detection, Network Intrusion Detection & Prevention, Mobile Security, Wireless Network Security, IEEE 802.11 WLAN, Cyber Security, Intrusion Detection Systems (IDSs), Misuse Detection, Intrusion Detection and Prevention, WLANs, Wids, Network Intrusion Detection (NIDS), and Wifi Hacking
Research Interests: Civil Engineering, Computer Science, Artificial Intelligence, Machine Learning, Network Security, Applications of Machine Learning, Intrusion Detection Systems, Cryptography, Wireless networks, Wireless Network Security, Building, Cyber Security, Intrusion Detection Systems (IDSs), War Driving Wi Fi Project, Wids, Wifi Hacking, and wifi security
This paper presents an attempt to describe and categorize the psychological profiles of network attackers and intruders. For a long time it was considered that the most important aspect of providing security for computer networks and information systems was the technical aspect and cryptography. But it has been recognized that even the best set of technical mechanisms cannot protect effectively if the human factor fails. Also, when analyzing threats and attacks, it is important to focus on the psychological aspect of the intruder: their motives and intentions and their way of thinking, planning and performing attacks. An important part is the way they hide the tracks of their activity. This is an interdisciplinary and multidisciplinary approach whose goal is to help with the modeling and design of protection, especially intrusion detection and intrusion prevention systems. One scope of targets is the Internet and wireless networks and the way to protect these networks from intruders and threats. This confirms the statement that security is a never-ending process.
Wireless (Wi-Fi) networks based on the IEEE 802.11 family of standards have been spreading their coverage in recent years, and this trend is expected to grow. Every day more and more people use this type of network to access the Internet, company or other types of networks. Today's wireless networks are vulnerable in many ways (rogue access points, session hijacking, eavesdropping, illegal use, unauthorized access, denial of service attacks, floods, data theft and other types of misuse and attacks). People are worried about unknowingly exposing their computers to illegal access through the air, from an undefined location. On wired networks the intruder must access by wire, but in wireless environments the intruder can access the network from anywhere in the neighborhood. At present there are IDSs, but they are mostly deployed on wired networks and based on rules and signatures of already known and analyzed intrusions. Because of these legacy limitations, such systems cannot meet the demand in environments where new intrusions occur every day. The intrusion detection agent presented in this paper is part of WIDS, a wireless intrusion detection system. The WIDS Agent is software installed on a mobile computing device. It detects intrusions and attacks by analyzing traffic, draws conclusions and denies them. It works as a standalone module or coupled with the WIDS Sensor and Server that are also part of this system. The application resides on a personal computer (PC), including Pocket PC (PPC), other PDA devices and similar computerized and mobile devices. The system has capabilities such as self-learning, autonomy, self-decision and self-defense including alerting. It is a multidimensional system in development which is intended to cover most wireless-network-specific vulnerabilities and intrusions. It should work in real time and defend the user, i.e. his computer or system, against the majority of intrusions regardless of whether they are already known or new kinds of attacks. The system is integrated in clients and performs local data collection and filtering, works as a local detection engine cooperating with neighboring WIDS agents (cooperative detection engine), and provides local and/or global response against intrusion. Also, this system works in the closest relationship with firewall software and devices, antivirus software, network management and other security tools.
Research Interests: Artificial Intelligence, Machine Learning, Network Security, Wireless Sensor Networks, Applications of Machine Learning, Anomaly Detection, Network Intrusion Detection & Prevention, Mobile Security, Wireless Network Security, IEEE 802.11 WLAN, Cyber Security, Intrusion Detection Systems (IDSs), Misuse Detection, Intrusion Detection and Prevention, WLANs, Wids, Network Intrusion Detection (NIDS), Wifi Hacking, and Host-based Ids (hids); Extreme Learning Machine (elm)
This paper presents an attempt to describe and categorize the psychological profiles of network attackers and intruders. For a long time it was considered that the most important aspect of providing security for computer networks and information systems was the technical aspect and cryptography. But it has been recognized that even the best set of technical mechanisms cannot protect effectively if the human factor fails. Also, when analyzing threats and attacks, it is important to focus on the psychological aspect of the intruder: their motives and intentions and their way of thinking, planning and performing attacks. An important part is the way they hide the tracks of their activity. This is an interdisciplinary and multidisciplinary approach whose goal is to help with the modeling and design of protection, especially intrusion detection and intrusion prevention systems. One scope of targets is the Internet and wireless networks and the way to protect these networks from intruders and threats. This confirms the statement that security is a never-ending process.
Today's wireless networks are vulnerable in many ways (eavesdropping, illegal use, unauthorized access, denial of service attacks, so-called warchalking, etc.). These problems and concerns are one of the main obstacles to wider usage of wireless networks. People are worried about unknowingly "exposing" their computers to illegal access through the air from an undefined location. On wired networks an intruder must access by wire, but in wireless networks he can access your computer from anywhere in the neighborhood.
In this paper a solution to overcome this obstacle is presented. WIDS (Wireless Intrusion Detection System) is proposed, based on client-based IDS agents, their cooperation, and capabilities such as self-learning, autonomy, self-decision and self-defense including alerting. This is a multidimensional system in development which is intended to cover most wireless-network-specific vulnerabilities to intrusion. It should work in real time and defend the user, i.e. his computer or system, against the majority of intrusions regardless of whether they are already known or new kinds of attacks. The system is integrated in clients and performs local data collection and filtering, works as a local detection engine cooperating with neighboring IDS agents (cooperative detection engine), and provides local and/or global response against intrusion.
This system can be coupled with the authentication and over-the-air encryption systems proposed by 802.11i (including AES encryption) and 802.1X (EAP and its implementations) for better security.
At present there are IDSs, but they are mostly wired-network based and rule/signature based. These systems cannot cope with demanding environments and everyday practice, where new types of attacks appear that are not covered by the current "signatures" present in the IDS, so their efficiency depends on how frequently signatures/rules are discovered and updated.
The WIDS system, as described here, requires the following components: WIDS Agent, Sensor, Server, and Management & Reporting Tool; these components are the object of analysis.
Research Interests: Computer Science, Artificial Intelligence, Machine Learning, Network Security, Applications of Machine Learning, Intrusion Detection Systems, Cryptography, Wireless networks, Wireless Network Security, Cyber Security, Intrusion Detection Systems (IDSs), War Driving Wi Fi Project, Wids, Wifi Hacking, and wifi security
This paper presents the benefits we have achieved by using machine learning (ML) and artificial intelligence (AI) to improve cybersecurity and software security. There are tens of millions of security-relevant events monthly in an average company or organization. Humans can hardly cope with all of them, and breaches cost a lot in money, reputation and other costs and damages. Particular challenges are the false positives generated by tools currently on the market, the noise of alarm triage, and how to remediate/fix issues. The paper presents solutions and case studies for network and endpoint security, threat intelligence and predictions, as well as software security, including false-positive reduction and remediation of vulnerabilities, with the possibility of achieving even automatic remediation. Solutions can be either cloud-based or on-premise and applied from small and medium companies to big enterprises and organizations. These solutions offer high accuracy, fast detection and remediation, as well as cost and resource savings, as they are based on modern technology and a predictive approach. The solutions are implemented through real-life projects: INPRESEC, vSOC, Glog and Security Predictions.
DevSecOps is more than just getting security testing integrated into a pipeline and using the results to influence flow. Real success with DevSecOps comes when you are able to identify and measure critical aspects of your risks as well as your security controls and functions. It means that you have governance that enables and encourages the right behaviors, not just inhibits bad ones, and that you have an audit function that can measure this success. It also means you are able to incorporate and include security-related information from all parts of the SDLC, including threat, design, testing and runtime. Many places have achieved higher degrees of automation and education within their DevSecOps initiatives; however, this needs to be an improving and continuous cycle. Taking it to the next level involves intensifying these efforts with accurate threat analysis, secure design, measuring, governance and audit. Join us as we share insights on how organizations are moving beyond DevSecOps and towards real Continuous Security.
This webinar covers the current state of application and software security, the challenges that software development and security teams face, how application and software security can be improved, and what the future holds.
It’s estimated that 90 percent of security incidents result from attackers exploiting known software security vulnerabilities. Resolving those issues early in the development phase of software could reduce the information security risks facing many organizations today. A number of technologies and tools are available to help developers catch security flaws before they’re baked into a final software release. They include SAST, DAST, IAST, and RASP.
In practice, you develop your software and scan it for security vulnerabilities with static, dynamic, interactive (SAST, DAST, IAST) or other application security testing methodologies and tools. They report a number of potential security vulnerabilities, which your developers and other teams need to analyze and then fix in the code. Then you rescan, find some old and some new vulnerabilities, and remediate again. This takes a lot of time, creates friction between teams and jeopardizes your delivery timelines. If you deliver and deploy vulnerable code that can be breached, the damage could be huge, and your reputation ruined.
There are numerous remediation challenges, for example:
• Developers lose too much time analyzing findings, or are sometimes not skilled enough to do so
• The remediation advice offered is unclear or incomplete
• Large number of findings, some of them false positives
• The time and resources needed to fix issues are extensive, time-consuming and unpredictable
• SAST reports sometimes do not correctly detect process and data flows, entry points, sources and sinks of issues, or the security controls already in place in the code
There are research and development programs focused on new advanced solutions that will be able to give context-based remediation advice for security vulnerabilities in software code or, even more, to fix the security vulnerabilities in the code automatically. Such a solution can be based on machine learning and AI. These tools can be integrated into IDEs, build systems and CI/CD systems. Bringing this solution to development and application security teams can be very beneficial, save a great amount of time and bring agility to the area of software security and privacy.
Key takeaways:
• Current state of application and software security
• Analysis of important challenges in application and software security, DevSecOps and application security testing
• How application and software security can be improved and what is the future
Research Interests: Computer Science, Information Technology, Software Security, Software Development, Cybersecurity, Application Security, Applied Software Security, Security Testing, Web application security, Software Analysis and Testing, DAST, Sast, Rasp, Cyber Security, Ethical Hacking, & Penetration Testing, Software Development Life Cycle (SDLC), Static Application Security Testing, Dynamic Application Security Testing, Interactive Application Security Testing, Runtime Application Self-Protection, IAST, and Glog
INPRESEC (Intelligent Predictive Security): network and end-point security. It detects anomalies in behavior, security threats and attacks, exploring the paradigm shift in information security and privacy with artificial intelligence and machine learning. It is a novel approach to cyber security that predicts the most likely cyber-attacks and plans optimal preventive and proactive cyber-security defensive measures.