Past week I was helping to the great, the onlyone, the incredible vendetta to get screenshots for a talk that he offered to the UANL.
In some parts he talked about automation vs manual testing, and mentioned.. yeah, of course, ChatGPT.
The example was a XSS in a timestamp value. He detected manually the XSS, and just tried to do the same using the ChatGPT.
We know that currently all are doing that, but the scaring thing was not it. The scaring thing is that vendetta pasted the request, the request had 12 fields, very similar but just one was vulnerable.
In past times, pasting code, ChatGPT was more like a Wikipedia, answering with references to OWASP, but without detecting any vulnerability. But in this time, it was like ChatGPT actually launched the request, and analized the reponse.
Is it possible?, is it legal?.. What do you think?
0 comentarios en “Scared times” Añade los tuyos →