A Pilot Study on Secure Code Generation with ChatGPT for Web Applications

Conversational Large Language Models (LLMs), such as ChatGPT, have demonstrated their potent capabilities in natural language processing tasks. This paper presents a pilot study that uses ChatGPT for generating web application code with a specific emphasis on mitigating four prevalent web application vulnerability types: SQL Injection, Cross Site Scripting, Carriage Return Line Feed Injection, and Exposure of Sensitive Information. The paper uses a case study to illustrate how the vulnerabilities in the code are mitigated with the prompts and the subsequent refinements. The study's findings summarize the security concerns in the code generated by ChatGPT, and the paper proposes a prompt pattern designed to help mitigating the potential vulnerabilities.