I Had ChatGPT Analyze My Code


I don't use AI to write my code, but I have used them to learn things and figure things out. But always always ALWAYS verify what it's telling you.

eriksiers

This was a really good video, as a fellow developer it’s interesting to see how AI can identify potential problems in unsafe code. Even with the limitations of what it can identify - it’s not as bad as I expected.

cameronsmith

ChatGPT = Making human errors great again 👍

dreadedmonkey

mad props to this content creator for diving into the potential vulnerabilities in generated code from chat GPT and GitHub copilot

but on the flip side, ain't it kinda wild to think of the extent to which we rely on machines?

i mean, they're only as smart as the data they've been trained on

while it's true that these tools can spit out code fast, relying solely on them without human oversight might be a recipe for disaster

not gonna lie, it’s a bit concerning that we sometimes trust these tools blindly

but hey, this vid? pure gold for enlightening folks on potential pitfalls

big ups!

moondevonyt

One thing I've noticed with ChatGPT, at least the v3.5 model, is it's not amazing at generating code, but is pretty good at analysing code for vulnerabilities, and in my case, memory leaks. Very useful for memory management as it's a pain in the ass to do manually 😂

Cooper-Data

Gpt helped me make a keylogger that doesn’t get detected by windows security. I for one support our robot overlords. Great video!

perryg.

Wouldn't want to be a developer trying to meet deadlines in a market whose competitiveness is underpinned by AI assisted coding. That human element required to meet duty of care and avoid serious liability issues is still critical. When you can take the time to develop and conduct quality assurance testing, you can deliver a product that will effectively and safely meet clients' needs. If you have to compete for a contract against people that will use these tools without verification as a way of offering an attractively short turnaround for their clients, the security concerns get very worrying indeed.

TRRY_TRRR

On the SSRF - I wonder about false positives - of course the demoed code is vulnerable, but I would wonder if ChatGPT is over-zealous. I would have to see how it analyzes extremely similar but not vulnerable code.

logiciananimal

John I thought of this and now you’re bringing this up… thanks

StephenBukz

When developing can you just include in the prompt to follow best practices (OWASP, etc) when creating code?

boondocky

Amazon's CodeWhisperer has security scans built-in but not sure if it would catch the issues in the dependencies...

michaeleaster

Would love a link to that talk in the description.

versacebroccoli

I would be careful when pasting in challenge code. If it's been a decent enough time the writeups might be used to assist with the answers.

funkydiddykong

I mainly use copilot for documentation generation. I also mainly try to understand the code that it generates. A lot of the time it's faulty and I'd rather rewrite it from scratch. But sometimes... There are some golden eggs in there.

Mempler

Hey John, thank you again for another great video and as a follow-up to your last video, thank you for turning down the background music! Much prefer your sultry voice coming through clear😊

reggiemate

gpt4 did a pretty good job, i think the next step would be to see then what code changes it recommends to fix. snyk seems useful, however think in addition could run the dependencies code through similar gpt review. make a big recursive loop to favor fewest dependencies, fewest vulnerabilities, then have gpt generate pentests against it.

zzzzzzz

having vulnerable packages is a whole different issue...

xsploit

Was gpt's code interpreter used for this video?

Tony

Hey, I'm curious, what's your main OS that hosts these VMs?

lukafireman

Good tutorial. Most appreciated. Have you thought about mixing things up such as worm GPT and other alternatives? It's always good to know how other tools work. Thanks John

mason