Dragan Pleskonjic
Dragan Pleskonjic is the Senior Director of Application Security at IGT (formerly GTECH). In his current role, he directs, coordinates, and oversees application security efforts at the global organization level. Dragan is a well-known expert and influential strategic thinker in the area of information security, privacy, machine learning (ML), and artificial intelligence (AI). He is an experienced leader and has held top positions at international companies, working with clients and partners from various sectors worldwide, including finance and banking, technology, telecommunications, services, lotteries, gaming, education, government, and others. He has rich experience in creating and managing start-ups and in new business development, and has proven leadership and talent for creating, managing, and organizing successful teams. He has initiated and held leading positions in a number of industry projects, as well as in research and development projects. Dragan is an adjunct professor for various cybersecurity and computer science courses. He is the author of ten books so far, including university textbooks on topics such as cybersecurity, operating systems, and software. Dragan is an inventor with a set of patents granted by the USPTO and also by the CIPO, EPO, and WIPO patent offices. He has published more than seventy scientific and technical papers at conferences and in journals. His current research and development focus is intelligent predictive security (INPRESEC), exploring the paradigm shift in information security and privacy with artificial intelligence (AI) and machine learning (ML). Dragan is the initiator and founder of the INPRESEC project and solution as well as the Glog software security solution, Security Predictions, and many other products, solutions, and projects. For more information, please visit:
• Personal Website https://www.dragan-pleskonjic.com/
• LinkedIn profile https://rs.linkedin.com/in/draganpleskonjic/
This paper presents a solution to overcome this obstacle. It proposes a WIDS (Wireless Intrusion Detection System) based on client-based IDS agents, their cooperation, and capabilities such as self-learning, autonomy and decision, self-decision, and self-defense, including alerting. It is a multidimensional system in development, intended to cover most of the intrusion vulnerabilities specific to wireless networks. It should work in real time and defend the user, i.e. his computer or system, against the majority of intrusions, regardless of whether they are already known or are a new kind of attack. The system is integrated into clients, performs local data collection and filtering, and works as a local detection engine cooperating with neighboring IDS agents (cooperative detection engine). It provides a local response and/or a global response against intrusion.
This system can be coupled with the authentication systems and air encryption systems proposed by 802.11i (including AES encryption) and 802.1x (EAP and its implementations) for better security.
At present there are IDSs, but they are mostly based on wired networks and on rules/signatures. These systems cannot cope with demanding environments and everyday practice, where more and more new types of attacks appear that are not covered by the current “signs” present in the IDS, so their efficiency depends on how frequently signs/rules are discovered and updated.
The WIDS system, as described here, requires the following components: WIDS Agent, Sensor, Server, and Management & Reporting Tool. These components are the subject of analysis.
It’s estimated that 90 percent of security incidents result from attackers exploiting known software security vulnerabilities. Resolving those issues early in the development phase of software could reduce the information security risks facing many organizations today. A number of technologies and tools are available to help developers catch security flaws before they’re baked into a final software release. They include SAST, DAST, IAST, and RASP.
However, you develop your software and scan it for security vulnerabilities with static, dynamic, interactive (SAST, DAST, IAST) or other application security testing methodologies and tools. These tools report a number of potential security vulnerabilities, which your developers and other teams need to analyze and fix in the code. Then you rescan, find some old and some new vulnerabilities, and remediate again. This takes a lot of time, creates friction between teams and jeopardizes your delivery timelines. If you deliver and deploy vulnerable code that can be breached, the damage could be huge, and your reputation ruined.
There are numerous remediation challenges, for example:
• Developers lose too much time analyzing findings, or are sometimes not skilled enough to analyze them
• Remediation advice offered is unclear or incomplete
• Large number of findings, some of them false positives
• Fixing issues requires extensive time and resources, and is time-consuming and unpredictable
• Sometimes SAST reports don’t detect the right process and data flows, entry points, sources and sinks of issues, or the security controls that are already in place in the code
There are research and development programs focused on new advanced solutions that will be able to give context-based remediation advice for security vulnerabilities in software code or, going further, to fix the security vulnerabilities in the code automatically. Such a solution can be based on machine learning and AI. These tools can be integrated into IDEs, build systems and CI/CD systems. Bringing this solution to development and application security teams can be very beneficial, save a great amount of time and bring agility in the area of software security and privacy.
Key takeaways:
• Current state of application and software security
• Analysis of important challenges in application and software security, DevSecOps and application security testing
• How application and software security can be improved and what is the future