OWASP AppSec Days India 2024 (Virtual)

      The ATT&CK LENS framework introduces an innovative approach to cybersecurity analysis by leveraging advanced artificial intelligence (AI) for dynamic visualization and exploration of the MITRE ATT&CK framework. Designed to address the growing complexity of cyber threat data, ATT&CK LENS enables cybersecurity professionals to analyze and visualize relationships between threat actors, malware, campaigns, and their associated techniques and tactics with unprecedented ease and precision. At its core, ATT&CK LENS is built on a robust AI-driven architecture that utilizes Natural Language Processing (NLP) and Retrieval-Augmented Generation (RAG) to interpret and process user queries expressed in natural language. This capability allows users to generate complex visualizations without the need for manual input or technical expertise. By transforming plain English queries into actionable data visualizations, the framework empowers users to explore the MITRE ATT&CK matrix in a more intuitive and efficient manner. The backend of ATT&CK LENS is implemented using Flask, a lightweight web framework that facilitates rapid development and integration. The visualization engine is powered by PyVis and NetworkX, which enable the creation of interactive network graphs that depict the intricate relationships within the ATT&CK dataset. These visualizations are not only dynamic but also customizable, allowing users to apply filters such as source_ref, relationship_type, and target_ref to refine the data displayed. One of the key strengths of ATT&CK LENS is its modular design, which ensures scalability and adaptability. The framework is designed to seamlessly integrate with the latest MITRE ATT&CK dataset, ensuring that users always have access to up-to-date information. Additionally, the modularity of the framework allows for future enhancements, such as the incorporation of additional AI models, data sources, or integration with other cybersecurity tools. ATT&CK LENS also includes a zero-touch capability, meaning it can automatically adapt to updates in the MITRE ATT&CK framework without requiring manual intervention. This feature significantly reduces the maintenance burden on users, ensuring that the framework remains a reliable and up-to-date resource for threat analysis. The framework’s AI component is particularly powerful in correlating tactics, techniques, and procedures (TTPs) to identify potential threat patterns and vulnerabilities. By using advanced AI models, ATT&CK LENS can process vast amounts of data and generate relevant visualizations that highlight critical threat relationships. This capability is crucial for cybersecurity professionals who need to make informed decisions in a rapidly evolving threat landscape. The framework has been rigorously evaluated through internal user testing, where it demonstrated significant improvements in both the speed and accuracy of threat analysis. Users reported a substantial reduction in the time required to analyze complex threat data and a marked improvement in their ability to identify and understand key threat relationships.

In ever evolving software development world, security is also becoming fast paced. Hence, each product going through the pentest cycle has to be managed effectively and efficiently. Managing multiple pentests and testers is important. A single pane of glass view for all of these with risk posture is helpful. Security penetration testing is becoming as necessary and as usual a practice as software testing. Most, if not all, organizations either have their own penetration testing team or they utilize third-party pentesters.

Imagine any fast-paced organization developing multiple product lines and planning to release each of them from time to time. It becomes challenging for the organization's security team to efficiently manage all of these pentest activities running and effectively produce security assessment reports and track them. Because of such volume of work, the numbers of pentesters in organizations are increasing to keep up. Each pentester is doing multiple pentests. The next cycle of a previous pentest can get assigned to another pentester. Each pentesting cycle has issues and recurring issues. And above all, managing all these using Excel worksheets is nightmare. A pentesting activity knowledge base is kind of must. A single-pane-of- glass view to all pentests running, and the issues identified, is a necessity for everyone involved in the security review cycle. To solve these challenges, I have developed a solution called Managing Pentest (MPT): Pentest in Action.

MPT helps us solve various problems:
- Asset DB to know all organisation assets that are in pentest process. You can’t secure what you are not aware of! - Tracking each pentest
- Pentesting activity knowledge which comprises of what particular let say application does, or the purpose of hardware that we are testing
- When the next pentester takes over the testing all they have to do is view the asset and associated information, which is already there
- Time taken for each pentest
- Real time tracking of activity
- Issue status
- Common issues that are observed

Why MPT? MPT also provides security pentest analytics, which helps us not only track and view everything in single pane of glass but also: Finding improvement areas to boost pen tester productivity Understand the current risk posture Understand recurring issues

Introduction to ChatGPT: Uncover the versatility of advanced language models in cybersecurity. Explore their applications in threat modeling. Automating Threat Modeling: Learn how ChatGPT streamlines threat modeling, increasing efficiency by reducing manual efforts. Generating Dynamic Threat Models: See how ChatGPT assists in crafting threat models from system architecture, user stories, and design documents. Elevating Accuracy and Scope: Discuss techniques for refining accuracy and coverage of automated threat models generated by ChatGPT. Integration and Synergy: Explore seamless integration of automated threat modeling into existing security processes. Understand how collaboration between AI systems and security professionals can be encouraged.