
OSC&R Report Exposes Software Supply Chain Security Vulnerabilities

First Annual Report Analyzes Millions of Vulnerabilities Against the Industry’s First Supply-Chain Specific Attack Matrix

Software is the foundation on which today’s businesses operate. From standard enterprise applications like customer relationship management (CRM), enterprise resource planning (ERP), and business intelligence (BI), to custom-built applications tailored for specific business use, it’s ...

Context is king: what the next generation of AppSec tools is learning from SIEM

Success breeds…confusion?

AppSec teams face an average of 118,000 vulnerability alerts across their software supply chain. If even 1% of those are being exploited in the wild, finding – and triaging – them in a sea of noise is difficult at best. Throw in multiple tools – on ...

Obtaining Security Budgets You Need (Not Deserve): Ira Winkler’s Cybersecurity Playbook for Executives

The biggest problem in cyber security is that CISOs get the budgets they deserve, not the budgets they need – and they need to learn to deserve what they need. ...

SaaS BOM: The Advantage for Securing SaaS Ecosystems

It’s not a secret that organizations are increasingly investing in software-as-a-service (SaaS) solutions. It’s not just about keeping pace with competitors; it’s about maximizing efficiency, enhancing collaboration, and driving innovation. However, this power brings challenges, especially the complexities and vulnerabilities associated with these cloud-based services. The latest report from ...

Understanding Shadow APIs: Risks and Management

The term “shadow API” might evoke images of covert operations or hidden threats lurking in the digital shadows. While they aren’t the stuff of spy thrillers, shadow APIs can indeed pose significant risks to organizations. These are APIs that operate outside the usual IT controls and cyber defenses, making them ...

Demystifying Attack Path Analysis in Application Security: Benefits, Implementation, and Considerations

The term “attack path” often brings to mind memories of my time as Chief Marketing Officer for a breach simulation firm, where I learned of adversaries’ tactics commonly seen in traditional security evaluations. However, the ongoing convergence of traditional security methods with application security (AppSec) best practices is progressively obscuring ...

Bridging the Gap: Uniting Development and AppSec

We recently hosted a webinar on integrating development and security functions to increase organizational resilience. Industry leaders from Repsol, SAP, Payhawk, Rakuten, Vodafone, and IQUW discussed how aligning these crucial areas enhances efficiency. Of course, this isn’t a new topic, and yet we keep talking about it. In case you ...

From Alert Fatigue to Actionable Insights: How SCA Fits Into Active ASPM

Using third-party components in application development has become the norm rather than the exception. While boosting efficiency and innovation, this trend also opens up a Pandora’s box of security vulnerabilities that adversaries can exploit. The challenge of identifying and remediating these vulnerabilities as early as possible in the development process ...

Container Scanning: A Path to Enhanced Vulnerability Management

Over the last few years, containers have emerged as a cornerstone technology, enabling scalability, efficiency, and consistent environments across development, testing, and production. However, the rise of containers has also introduced new security challenges, particularly around managing vulnerabilities that can compromise the entire application stack. By now, you’ve heard about ...

Securing Your Software Development in Compliance with CISA: How OX Security Simplifies the Process

The Cybersecurity and Infrastructure Security Agency (CISA) recently released its new Secure Software Development Attestation Form, which mandates significant responsibilities and declarations from software producers to ensure the security and integrity of software development and deployment processes. Often, these initiatives can be a considerable undertaking, but don’t worry – we ...
