
The Future of Application Security - Integrating LLMs into AppSec

· 4 min read
thilaknath
Product Security Specialist @ SAP
Key Takeaway

AI and Large Language Models (LLMs) are revolutionizing Application Security by automating routine tasks, enabling AppSec teams to scale their efforts without additional personnel.

The Challenge: Traditional AppSec Limitations

In today's fast-evolving software landscape, Application Security (AppSec) teams face mounting pressures:

  • Limited resources and budget constraints
  • Increasing need for proactive security
  • Manual processes that can't scale
  • Time-consuming security assessments

However, advancements in Artificial Intelligence (AI) and Large Language Models (LLMs) provide a promising solution.

The Traditional AppSec Challenge

Historically, AppSec teams have engaged with development teams to identify and remediate vulnerabilities early in the Software Development Lifecycle (SDLC). While these efforts are critical, they are typically manual and time-consuming. Tasks like risk classification, threat modeling, code reviews, and security assessments depend on human expertise and are subject to individual variability.

Info

As organizations scale, it becomes impractical to expect AppSec teams to manually assess every component, and this is where AI offers a solution.

The Opportunity with Generative AI and LLMs

LLMs like OpenAI's models are reshaping the way we approach software development, providing capabilities to automate repetitive, labor-intensive tasks. By understanding and generating human-like text, these models can simplify complex security tasks, making AppSec more efficient.

Imagine a scenario where LLMs could automate routine security reviews and handle tasks that were previously too minor to warrant manual oversight, thereby expanding the coverage of an AppSec team without additional personnel.

Introducing AI-based "Security Oracles"

Using frameworks like Retrieval-Augmented Generation (RAG), organizations can implement AI-based "Security Oracles." These AI agents can:

  • Query best practices
  • Access security policies
  • Analyze organizational data
  • Provide contextual security insights

For example, SecurityGPT could answer questions, generate tailored recommendations, and produce security documentation by leveraging an organization's existing resources.

High-Level Workflow: AI-Enhanced AppSec Activities

Here's a breakdown of how AI agents could streamline a security review process, using the Security Review Process Funnel as a model:

1. Risk Classification

  • AI-powered risk scoring based on technical specifications
  • Alignment with organization's framework
  • Automation of lower-risk assessments

2. Rapid Risk Assessment

  • Integration with Mozilla's RRA guide
  • Automated impact analysis
  • Instant report generation
  • Standardized evaluations

3. Security Review Types

Standard Review

LLMs provide general recommendations on:

  • Authentication
  • Authorization
  • Encryption
  • Input Validation

Custom AI-Powered Review

Using RAG for:

  • Deep analysis
  • Customized recommendations
  • Expert-level insights

Implementing AI Agents in AppSec: Key Benefits

Benefit               | Description
Scalability           | Automate repetitive and low-risk assessments
Consistency           | Reduce variability in risk assessments
Proactivity           | Monitor code changes and identify vulnerabilities early
Resource Optimization | Maximize the impact of existing security engineers

Envisioning the Future of AppSec

Future Perspective

As LLM technology continues to advance, we may see AppSec workflows where AI and human expertise work seamlessly together. Security teams can focus on higher-order analysis while AI handles the foundational tasks, creating a proactive, resilient approach to security.

Conclusion

Integrating AI into AppSec marks a revolutionary shift in security practices, enabling organizations to scale their security efforts without adding personnel. While manual oversight remains crucial, the combination of human expertise and AI-driven automation offers a future where AppSec is:

  • ✅ Faster
  • ✅ More consistent
  • ✅ Ultimately more effective

Remember

The goal is not to replace human expertise but to augment it with AI capabilities for better security outcomes.

Welcome to My Personal Bio!

· One min read

After thinking about launching my personal website for quite some time, I’m excited to finally make it a reality! I had tried tools like Wix in the past, but they never quite stuck. Enter Docusaurus—a game changer. The simplicity of its bootstrap template and how easy it is to learn made the process not just straightforward but fun. Building this site has been a rewarding experience, and it feels great to have a platform where I can share more about who I am and what I do.

This site will be a blend of everything that interests me. From my work in tech, to my adventures in travel, to my love of good food, I’ll be regularly updating the blog section with posts on all these topics. So, whether you’re here to learn more about my professional journey or to see what I’ve been up to outside of work, there will be something for everyone.

I’m looking forward to sharing my thoughts and experiences with you. Stay tuned for more updates!

Where to eat in Florence?

· 3 min read
thilaknath
Traveller

I had this amazing opportunity with my company to stay in France for 4 months at the end of 2018. The year in general had been rough, but this opportunity at the year end gave me a great chance to travel around Italy, as I was staying in the south of France bordering Italy and it was within an hour's reach. You hop onto the TER, sleep for an hour and before you realize it you are in Italy, travelling along the beautiful Côte d'Azur. I had the opportunity to visit Milan, Florence, Piacenza, Rome and Pisa. It wouldn't do justice for me to describe the landscape in words since I am no author; I will leave it for you to Google.

Florence had an amazing food scene. To me the most important thing was to try out a good pizza and gelato, and yes, I did find the right spot. If you are the kind of person who doesn't like random stuff thrown on your pizza and you prefer it simple and classic, Gusta's Pizza is your place. Located across the River Arno, just opposite Piazza Pitti, where you can wander around the beautiful street paintings, is a small shop selling just a few varieties (if my memory serves right, around 7) of pizza. I had the Gusta's pizza and justice was rightly served at my table.

Once you finish relishing the pizza you ordered, take a small stroll along the River Arno to let your pizza settle. Give room for the cheese to melt, be absorbed and become part of you while you enjoy the beautiful view of the roof of the Palazzo Vecchio from the other side of the river. Just a block ahead is the spot you need to go into to get your amazing gelato experience. Walk into Gelateria La Carria and not anything else around the block (they are all really expensive) except La Carria. Wait for the hostess to greet you and play around with the flavours to create your desired gelato.

To me, food in Italy is the best I have had in my experience so far travelling. I won't take India into consideration as those are completely different types of food. A general rule of thumb: never wander into any place that is touristy; just walk the extra mile to find the hidden gem and you won't be disappointed. This was how I discovered an amazing pub by the name of Angie's Pub (BTW Angie is a guy). The ambience was cozy, the people were extremely friendly and the mood was lit. Have a sip of Italian beer and smile your way down the streets.

When your liver fails

· 4 min read

What happens when you are told that you have a terminal disease in your liver and you are counting your days? This happened just a few days back to my dad, who was living a healthy life. Part of the reason why we didn't see this coming, or even couldn't imagine him being pushed into this state, is because you don't see major symptoms. They just bam you right in your life and cause panic and utter confusion among all the loved ones.

Things unfolded very quickly when my dad had some pain in the stomach and was taken to a nearby doctor, who loaded him with medicines and suggested that if he got pain in the future he should visit again. It wasn't a satisfactory answer for my mom, who wanted a cure for her husband's pain rather than temporary relief. She followed it up with another consultation with one of the specialists in town, and that day marked the downturn in my dad's health. He was diagnosed with HCC and the doctor suggested going ahead with the TACE procedure. But the next day, after another round of scans, he and a team of doctors said that TACE was not possible and only TARE could be done at this moment, and it should be noted that all of these are palliative treatment options. He was prescribed Sorafenib, as that is the only other medication if the former is not performed. I was midway to my hometown to realize and understand what my family had been drawn into, and to support them.

What I witnessed at first sight was how health and medicine have turned into a multi-billion-dollar industry in India. This was the first thought that ran through my mind when I visited the hospital to discharge my dad. Fortunately I had my family insured, as the government does not provide any support to the common man. But my insurance was a minimal cover and could hardly cover my dad's expenses. My sister was the strongest in the house in terms of getting things done. She fought our way to get my dad discharged before we could commit to any treatments. Based on the reports there was no biopsy done to assert that it is cancer; what he had for sure was advanced cirrhosis. Either way, both are terminal.

In the following days we visited multiple doctors and talked with radiologists, friends and relatives. Everyone turned sympathetic towards us and suggested their own doctors along these lines, which made us believe there was at least something that could be done about his condition. But reality had a different answer: the opinions from multiple doctors were the same. Do radiation, or else leave it in its state with the current medication. As a son I was confused as to what to decide. Should I experiment on him with medicines and treatments that can prolong his life with pain? We decided, with a belief in God, to continue the current medication, change his eating habits and stop him from his work, which was more physical.

Ever since then, every day is a milestone for us. Making my dad stay home was difficult as he has never done it in his life. We are doing our best to provide him with proper nutrition. The following are some things to note, and to rush to a medic about, to prevent a terminal liver disease. On top of all this he is a diabetic, and as we know it is a slow killer.

Signs to watch for:

  • Weight loss (gradually over the months)
  • Watch your sugar level (if you are diabetic)
  • Gradual loss of appetite
  • Feeling of contentedness with less food

Ways to overcome it and safeguard your liver:

  • Watch your food intake
  • Reduced salt usage
  • No fatty food (oil-less food)
  • Split your meals across the day
  • Keep your mind healthy and positive and leave negative thoughts at bay

My dad always believed in a sound mind in a sound body, and I too strongly believe the same: keeping his mind strong thereby enriches his body to fight the terminal evil that is within him.

Graph Search

· 3 min read
thilaknath
Student @ Concordia University

So have you all been wondering what this new play from Facebook is all about? Even I have the same anxiety to know what it is all about. First of all, why Graph Search, when we have the giant Google and many other toddlers out there? Let's get into what made Facebook launch an extensive social search engine and how it functions with our privacy in its hands.

I don't have to explain what Facebook is; if I did I would be the dumbest blogger ever, so right away let's get into Graph Search. It's always nice to share music and to know the interests of people in our social circle with whom we can share our opinions in our area of interest; this also gives a great opportunity for an individual to widen his networking and social skills. Yes, this is what Graph Search is all about. For instance, it lets you narrow down friends who liked Transformers and live in Montreal, or if you are a foodie, it will help you narrow down your besties who love munching poutine at La Banquise or who love eating at a thattu kadai in Chennai. It creates a better platform for you to stay connected than just chatting and exchanging conversations.

So why has Facebook really forayed into search engines? I pretty much feel this might be a great move from Facebook after their rocky IPO, but this hasn't managed to increase Facebook's stock price, as it continues to remain low since it was offered.

Now arises a great question for those who feel privacy is something that needs to be watched and taken care of: obviously, if you don't want your girlfriend to find that you have hung out with a different one while still in a relationship, it's time, my friend, that you start un-tagging all those pictures of you before you get caught red-handed ;). Time and again Facebook has played the spoilsport for lover boys, and this is one such great tool for all the girls out there.

This might surely not be what Google Search is capable of or what it does, but it is surely a great platform in the social search engine scenario which could grow into something more dependable in the future. Imagine searching Google for a restaurant and reading its reviews on Yelp or any other site for that matter; that would not be as handy as your own friends' reviews of that restaurant, which you feel are going to be more reliable. That is what Graph Search is all about.

Hope you enjoy it, folks; sign up here to join the waiting list to be one of the first to experience the power of social search.

Where are we headed to?

· 3 min read
thilaknath
Citizen

I know everyone out there in cyberspace associated with India must be aware of the news of the brutal rape of a medical student in the national capital. This has given enough substance for the Indian media to rave about for the coming months, until a celebrity love break-up or the birth of a celebrity baby. Now I am making it clear: me writing this blog makes no difference to society, and writing about the incident and feeling for the victim doesn't make up a bit for the grieved family. But I don't have a place apart from this to share what I have in my mind, and if anyone in any corner of the world reading this finds a change, I would be the happiest.

For those who are completely lost about what I am talking about, here is a link which would brief you on what exactly I am trying to convey. Firstly, what exactly is causing all the men out there to go mad? The following weeks have witnessed some brutal rapes of a 70-year-old woman and a three-year-old child, so where exactly are we heading? Are we heading to prosperity and development by the end of 2020, or are these signs of what India is and will be by 2020? The feeling of mutual respect for the opposite gender must be emphasized right from schooling.

It's just a month. From my perspective, good education is the one thing which could bring about a change in the individual, thereby improving society, so what has the government done to improve this? As far as I know there aren't many schemes which motivate kids being sent to school. Right to Education is just a right, and we can proudly say that we have a right which doesn't give anything out of it. Freebies! The government gives TVs, grinders and more to most of the households for free; instead, why can't they give free education, and the accessories which support education, for free to the desired aspirants who are out there in huge numbers?

There are only very few model villages; one such worth mentioning is Punsari in Gujarat. Villages are the backbone of India and real development starts only from here. I would say governance is at its poorest form in India; good governance and development automatically blossom when respect is mutual for all genders. There are incidents which leave our minds in a state of fizz, and this is one incident which has grasped the attention of all parts of society. It was a poor show by the administration of the hospital to shift her to Singapore for treatment. Who are they trying to fool?

Memory Forensics!

· 3 min read
thilaknath
Student @ Concordia University

Have you ever wondered what you would do as a forensic examiner when you cannot retrieve data from a suspect's system because it is encrypted with whole-disk encryption software? What is your stand then? This question was on our minds when we started working on a project for recovering cryptographic keys; we targeted only TrueCrypt, as we did not have much time to work on it.

The use of strong encryption in operating systems has created a challenge for forensic examiners, potentially preventing them from recovering any digital evidence from a whole-disk-encrypted system. Because strong encryption cannot be circumvented without the key or passphrase, forensic examiners may not be able to access data after a computer is shut down. Whole-disk encryption software such as PGP and TrueCrypt enables file-level encryption, as well as disk-level encryption that may be mounted as a volume and used to store data. TrueCrypt encrypts the whole disk using a selected encryption algorithm and hash algorithm, thus generating a master key and a secondary key based on multiple criteria.

The software needs to keep the key in RAM while the volume is mounted, so a dump of the RAM can reveal the key. Dumping the RAM of a running system from another computer, without altering the integrity of the disk, can be performed through FireWire (also known as the IEEE 1394 bus). Another technique, called the cold boot attack, physically shuts the machine down and cools the DRAM chips, then inserts them in another computer; this can cause memory integrity errors and hence the need to perform additional recovery operations on the key. Here, with the FireWire approach, the dump of the RAM is error-free.

Our project was phased into three parts of development, given below:

  1. Dump the RAM using Inception through FireWire. Inception is an open source tool written in Python, made to exploit the FireWire connection to get access to the RAM. It tries to establish a Direct Memory Access (DMA) connection, then initiates a dump of the memory and writes it to a local file.

  2. Develop a key extraction software for TrueCrypt 7

AES is a cipher based on a substitution-permutation (SP) network that works with 128-, 192- or 256-bit keys. TrueCrypt uses the 256-bit version when encrypting with AES. Because this cipher is widely used, fast in both software and hardware, and regarded as the de facto standard in most new cryptographic applications, we focus on it in this project.

  3. Prepare an automated procedure to show the success of the attack on a running system