Page 137 - Cyber Defense eMagazine September 2025

            The challenge then becomes demonstrating return on investment (ROI) while facing constant pressure to
            keep these applications & platforms safe from relentless outside attacks.

            Leveraging AI can augment human capability & support in enhancing operational efficiency.

            Below are sample use-case types which can be considered for AI integration in application security:

               •  Summarizing guidelines, best practices, specific instructions & reference secure code based on
                   the secure coding policies of the organization for different programming languages
               •  Removal of false positives from static and dynamic security testing tools & reports
               •  Integration of AI in manual pen testing
               •  Leveraging AI to prioritize vulnerability remediation
               •  Leveraging AI in test/assessment report creation

            The above AI use-cases are at different levels of maturity within the industry today. While many
            tools demonstrate good success in vulnerability remediation prioritization, removal of false
            positives & providing secure coding references, some of the use-cases, like AI integration in
            manual pen testing, will still need more maturity.

            Leveraging AI in manual pen testing is an interesting topic, one that probably needs more research and
            maturity. However, the question that everybody is asking is whether manual pen tests (humans) will be
            replaced by AI-enabled pen tests.

            Penetration testing requires critical thinking, logical correlation & applying contextual knowledge
            during the testing itself, so there is less probability that AI-enabled pen testing will eventually
            replace humans. But AI will augment the capabilities of humans & support in scaling up the operations.
            Hence it is important for pen testing teams to develop a functional understanding of the models enabling
            AI pen testing & the capability to operate and manage AI-enabled pen testing tools/apps built on top of
            those models.



            Augmentation of the human

            Pre-testing:


            Thorough understanding of the application

               •  The most important part of conducting a successful pen test is to first understand the application,
                   its business requirements/logic and its environment, gathering as much contextual &
                   technical/security information as possible
               •  AI chatbots can be used to create a structured document based on the transcript of the meeting,
                   so that AI can quickly provide the information in order of priority in a structured and well-defined
                   manner
               •  This will reduce the time the tester needs to understand the application & also reduce overall
                   response time






