Using ChatGPT to Create a Vulnerable Web Application and Hacking the Application

The source of most server-side application vulnerabilities is the underlying source code used to create the application. The first question that came to my mind was how useful ChatGPT can be in understanding vulnerabilities and learning how to test and exploit them. So I started my research with vulnerable code snippets, submitting them to see what ChatGPT would do with them. For the most part, ChatGPT is able to detect the code vulnerabilities right away and also provides recommendations on how to remediate them.

Everyone agrees on the enormous potential that ChatGPT can have for cybersecurity experts, but can we use it to create an exploit?

When it comes to providing exploits, ChatGPT is restricted, for the obvious reason that it could be used by bad actors, but it does provide detailed instructions on how to introduce the vulnerability into the application and how to test it. It also provides remediation options. The next best thing we can use it for is setting up vulnerable applications that you can use to practice your hacking skills.

I found that when it comes to setting up your own hacking lab, it can prove very useful, with some drawbacks: some of the recommendations on how to exploit the vulnerability don't work, and in some cases it surprisingly made mistakes even on simple exploits. In any case, using some of the boilerplate code recommended by ChatGPT and a little bit of research, I managed to create a vulnerable web application with a React frontend and a Spring Boot backend, and introduced multiple well-known server-side vulnerabilities. I shared my experience of what worked for me in the YouTube video below. In the coming blog posts, I plan on releasing the source code and detailed instructions on how to deploy and start hacking the application. For now, I have shared my experience on how to get started.
