شماره ركورد كنفرانس :
5418
عنوان مقاله :
Using ChatGPT as a Static Application Security Testing Tool
پديدآورندگان :
Bakhshandeh Atieh bakhshandeh@rcdat.com Research Center for Development of Advanced Technologies , Keramatfar Abdalsamad keramatfar@rcdat.ir Research Center for Development of Advanced Technologies , Norouzi Amir norouzi@rcdat.ac.ir Research Center for Development of Advanced Technologies , Chekidehkhoun Mohammad Mahdi chekidekhoon@rcdat.ir Research Center for Development of Advanced Technologies
كليدواژه :
Artificial Intelligence , based Code review#ChatGPT Model# Common Weakness Enumeration# Static Application Security Testing#Vulnerability Detection#
عنوان كنفرانس :
بيستمين كنفرانس بين المللي انجمن رمز ايران در امنيت اطلاعات و رمزشناسي
چكيده فارسي :
In recent years, artificial intelligence has had a conspicuous growth in almost every aspect of life. One of the most applicable areas is security code review, in which a lot of AI-based tools and approaches have been proposed. Recently, ChatGPT has caught a huge amount of attention with its remarkable performance in following instructions and providing a detailed response. Regarding the similarities between natural language and code, in this paper, we study the feasibility of using ChatGPT for vulnerability detection in Python source code. Toward this goal, we feed an appropriate prompt along with vulnerable data to ChatGPT and compare its results on two datasets with the results of three widely used Static Application Security Testing tools (Bandit, Semgrep and SonarQube). We implement different kinds of experiments with ChatGPT and the results indicate that ChatGPT reduces the false positive and false negative rates and has the potential to be used for Python source code vulnerability detection.
