Project

Glog.AI

Goal: Web site: www.glog.ai - Glog project is focused on research and development of the solution that is able to give remediation advice for security vulnerabilities in software code based on context or, even more, to automatically fix the security vulnerabilities in the code. We are developing such a solution based on machine learning and AI. Agility in software security is becoming a reality.

See more at: https://www.glog.ai/ and https://dragan-pleskonjic.com/.
Partial list of events on this link: https://www.dragan-pleskonjic.com/events/.


Project log

Dragan Pleskonjic
added a research item
Cybersecurity and Software Security Solutions aided by ML and AI: Glog, INPRESEC, Security Predictions, vSOC.
Dragan Pleskonjic
added a research item
This webinar covers the current state of application and software security, the challenges that software development and security teams face, how application and software security can be improved, and what the future holds. It’s estimated that 90 percent of security incidents result from attackers exploiting known software security vulnerabilities. Resolving those issues early in the development phase of software could reduce the information security risks facing many organizations today. A number of technologies and tools are available to help developers catch security flaws before they’re baked into a final software release. They include SAST, DAST, IAST, and RASP. However, when you develop your software and scan it for security vulnerabilities with static, dynamic, interactive (SAST, DAST, IAST) or other application security testing methodologies and tools, they report a number of potential security vulnerabilities, which your developers and other teams need to analyze and fix in the code. Then you rescan, find some old and some new vulnerabilities, then remediate again. This takes a lot of time, creates friction between teams and jeopardizes your delivery timelines. If you deliver and deploy vulnerable code that can be breached, the damage could be huge, and your reputation ruined.
There are numerous remediation challenges, for example:
  • Developers lose too much time analyzing findings, or are sometimes not skilled enough to analyze them
  • Remediation advice offered is unclear or incomplete
  • Large number of findings, some of them false positives
  • Fixing issues takes extensive time and resources and is unpredictable
  • Sometimes SAST reports don’t detect the right process and data flows, entry points, sources and sinks of issues, or security controls that are already in place in the code
There are research and development programs focused on new advanced solutions that will be able to give remediation advice for security vulnerabilities in software code based on context or, even more, to fix the security vulnerabilities in the code automatically. Such a solution can be based on machine learning and AI. These tools can be integrated into IDEs, build and CI/CD systems. Bringing this solution to development and application security teams can be very beneficial, save a great amount of time and bring agility in the area of software security and privacy.
Key takeaways:
  • Current state of application and software security
  • Analysis of important challenges in application and software security, DevSecOps and application security testing
  • How application and software security can be improved and what is the future
Dragan Pleskonjic
added a research item
This paper presents the benefits we have achieved by using machine learning (ML) and artificial intelligence (AI) to improve cybersecurity and software security. There are tens of millions of security-interesting events monthly in an average company or organization. Humans can hardly cope with all of them, and breaches cost a lot in money, reputation and other costs and damages. Particular challenges are: false positives generated by tools on the market at present, alarm noise triage, and how to remediate/fix issues. The paper presents solutions and case studies for network and endpoint security, threat intelligence and predictions, as well as software security, including false positive reduction and remediation of vulnerabilities with the possibility of achieving even automatic remediation. Solutions can be either cloud-based or on-premise and applied from small and medium companies to big enterprises and organizations. These solutions offer high accuracy, fast detection and remediation, as well as cost and resource savings, as they are based on modern technology and a predictive approach. Solutions are implemented through real-life projects: INPRESEC, vSOC, Glog and Security Predictions.
Dragan Pleskonjic
added a research item
To effectively protect your organization’s web applications against cyberattacks, it is necessary to take a multidimensional approach. In this webinar, a panel of industry experts will discuss key measures that enterprises can take to mitigate web application security risks, including incorporating DevSecOps from design through implementation, using web application penetration testing to plug vulnerabilities, and improving incident detection and response. Enterprises can adopt DevSecOps as a methodology and integrate cybersecurity practices such as secure coding into the development life cycle (design, development, testing, release, and maintenance). This ensures that there is no delay in mitigating cybersecurity risks, since secure application rollouts are less susceptible to threats like hacks by malicious actors. Expert penetration testing professionals test applications to find vulnerabilities and ensure that cybersecurity loopholes can be plugged before malicious hackers can exploit them. Penetration testing can be conducted on applications before rollout and on live applications to continuously improve their security. Every web application should have a sound incident detection and response plan with clear security policies, effective tools, and steps that can be taken to recover from an attack as soon as possible.
Key takeaways:
  • Integrate security management into your web application development life cycle.
  • Use penetration testing to address web application vulnerabilities.
  • Implement an effective incident detection and response plan.
  • Get insights into industry standards, best practices, and processes for web application security.
Dragan Pleskonjic
added a research item
DevSecOps is more than just getting security testing integrated into a pipeline and using the results to influence flow. Real success with DevSecOps comes when you are able to identify and measure critical aspects of your risks as well as your security controls and functions. It means that you have governance that enables and encourages the right behaviors, not just inhibits bad ones, and that you have an audit function that can measure this success. It also means you are able to incorporate and include security-related information from all parts of the SDLC, including threat, design, testing and runtime. Many places have achieved higher degrees of automation and education within their DevSecOps initiatives; however, this needs to be an improving and continuous cycle. Taking it to the next level involves intensifying these efforts with accurate threat analysis, secure design, measuring, governance and audit. Join us as we share insights on how organizations are moving beyond DevSecOps and more towards real Continuous Security.
Dragan Pleskonjic
added a research item
Agenda and Key Takeaways:
  1. Current state and analysis of important challenges in application and software security, DevSecOps and application security testing
  2. How application and software security can be improved and what is the future
  3. Paradigm shift in software security with data science, machine learning and AI
  4. Glog.ai https://www.glog.ai/ - solution that is able to give remediation advice based on context or, even more, to automatically fix the security vulnerabilities in software code, with data science, machine learning and AI
Dragan Pleskonjic
added an update
I participated in Belgrade Venture Forum 2021, held July 5 – 9, 2021, per invitation from the BgVF organizers.
On day IV, Thu July 8, 2021, the program included:
  • Speech: “ML & AI in Cybersecurity”, Dragan Pleskonjić, 8th July 2021, 6.45pm – 7.00pm CET
  • Panel: “AI – How to Make it More Opportunity Than Security Threat”, 8th July 2021, 7.00pm -7.45pm CET
  • Dragan Pleskonjić, Entrepreneur & Executive Advisor Software & Cyber Security, ML & AI
  • Miloš Matić, VC @ ICT Hub Venture
  • Petar Veličković, Senior Research Scientist at DeepMind
The speech and panel included talk and discussion about the Glog.ai project as one of the topics.
 
Dragan Pleskonjic
added a research item
Application security is no longer an afterthought but a foremost concern. Application security is important because current applications are often available on various devices and networks and connected to the cloud, increasing vulnerabilities to threats and security breaches. There is a growing pressure and incentive not only to ensure security at the network level, but also within the applications themselves. One of the reasons for this is that hackers are preying on applications more with their attacks today than in the past. Application security testing can reveal weaknesses at the application level, helping to prevent these attacks. According to market research companies, the market will grow by more than 16% annually and will reach 15 billion US dollars by 2025.
Key Takeaways:
  1. To lay the foundation required by all application developers.
  2. To help development organizations produce secure applications.
Dragan Pleskonjic
added an update
I am invited to participate in a roundtable on the topic “Shifting Priorities of Digital Native Security”, which is planned for May 27th, 2021 at 11:00 am ET.
As the organizer said in their announcement:
“In this Roundtable, our experts will discuss:
  1. The challenge for cybersecurity teams is finding effective ways to deliver and maintain security at the speed of digital transformation.
  2. How can modern security platforms help organizations stay ahead of potential threats?
  3. How have the relative importance of security threats changed as companies and products shift to being digital natives?”
Panelists:
  • Rhys Arkins, Director of Product Management at WhiteSource Software
  • Scott Ward, Principal Solutions Architect, Amazon Web Services (AWS)
  • Michiel Prins, Co-Founder & Product Lead, HackerOne
  • Dragan Pleskonjic, Senior Director Application Security, IGT, Innovator and Entrepreneur
 
Dragan Pleskonjic
added an update
EC-Council University and EC-Council invited me to moderate a panel discussion on the topic “Why is Application Security Important for Your Business?” in their Cyber Talks. The event is supported by CISO MAG.
  • Moderator: Dragan Pleskonjic
  • Panelists:
    • Paresh Rathod, Chairman (European Cybersecurity Org Working Group, Brussels), European Cybersecurity Agency Expert (Brussels), Innovation Lead-Educator (Laurea-Finland), and Vice-President (IITEDA, UK)
    • Sundar Dandapani, CISA, Director Cybersecurity Practice at Capgemini
    • Patric J.M. Versteeg, MSc., Chief Information Security Officer (CISO) Viterra B.V.
Webinar Type: Panel Discussion
Date: 28th April, 2021
Time: 8.30 PM IST / 4.00 PM GMT / 5.00 PM CET
Topic: Why is Application Security Important for Your Business?
Abstract: Application security is no longer an afterthought but a foremost concern. Application security is important because current applications are often available on various networks and connected to the cloud, increasing vulnerabilities to threats and security breaches. There is a growing pressure and incentive not only to ensure security at the network level, but also within the applications themselves. One of the reasons for this is that hackers are preying on applications more with their attacks today than in the past. Application security testing can reveal weaknesses at the application level, helping to prevent these attacks.
Key Takeaways:
  1. To lay the foundation required by all application developers.
  2. To help development organizations produce secure applications.
To see more details, go to the following link: “Why is Application Security Important for Your Business?” https://www.eccu.edu/why-is-application-security-important-for-your-business/
You can watch the recording on YouTube https://www.youtube.com/watch?v=UM0TO4e_ItI. Thank you for watching.
 
Dragan Pleskonjic
added an update
Data Science Conference Europe 2020 was held online in the period November 15 – 19, 2020.
Per invitation of the conference organizers, my keynote talk, delivered on November 19, 2020, was on the topic “Glog.ai – software security tool”. It is my R&D project focused on a solution that is able to give remediation advice based on context or, even more, to automatically fix the security vulnerabilities in software code. It uses machine learning and AI.
See more details about the Glog.ai project here https://www.glog.ai/.
 
Dragan Pleskonjic
added an update
Upon the invitation from the EC-Council University, I spoke at a webinar, “What is the Present and Future of Software Security?” https://www.eccu.edu/what-is-the-present-and-future-of-software-security/, in their Cyber Talks, among other Global Cyber Leaders who are addressing the real, on-the-ground cybersecurity issues.
Key takeaways from the webinar are:
  • Current state of application and software security
  • Analysis of important challenges in application and software security, DevSecOps and application security testing
  • How application and software security can be improved and what is the future
You can watch the recording on YouTube https://www.youtube.com/watch?v=FNQS9-bbmks. Thank you for watching.
 
Dragan Pleskonjic
added an update
Recently there was an interesting panel, available on BrightTalk at the link below:
Application Security Experts Panel [Live Streamed Event, Recorded Mar 17 2020]
The topic was “Current State of Secure DevOps & Future of Application Security Testing”. The panel was moderated by Eitan Worcel from IBM.
Panelists:
  • Laura Guazzelli, Information Security Architect, Hitachi Vantara
  • Dragan Pleskonjic, Senior Director Application Security, IGT and initiator and founder of INPRESEC and Glog projects
  • Vandana Verma, Information Security Architect, IBM and Global Board of Directors at OWASP
The Glog solution is mentioned toward the end of the first part of the panel.
 
Dragan Pleskonjic
added a project goal
Web site: www.glog.ai - Glog project is focused on research and development of the solution that is able to give remediation advice for security vulnerabilities in software code based on context or, even more, to automatically fix the security vulnerabilities in the code. We are developing such a solution based on machine learning and AI. Agility in software security is becoming a reality.
Partial list of events on this link: https://www.dragan-pleskonjic.com/events/.