Conquering Application Security Complexities with ASPM: A Strategic Imperative
Organizations today face unprecedented challenges when trying to manage security risks in their software development environments. The widespread adoption of cloud-native technologies, the rapid pace of software development, and ubiquitous reliance on open-source code introduce new layers of complexity. These challenges are further exacerbated by the use of fragmented, disparate application security tools that must […]
Automating Secrets Management
With the dawn of cloud services, businesses faced new cybersecurity challenges. Moving from on-premises networks to decentralized cloud environments meant security teams had to invent new models for protecting everything they put into the cloud as well as how authorized users accessed cloud environments. Try as they might, teams weren’t hugely successful in porting on-prem […]
Should AppSec Teams Be More Concerned About Pipeline Vulnerabilities?
In recent months, GitLab has addressed multiple critical vulnerabilities related to its CI/CD pipelines, underscoring the growing concern for AppSec teams around pipeline security. CI/CD pipelines, such as those provided by GitLab, are integral to modern software development. They automate workflows to build, test, and deploy code, making development faster and more efficient. However, these […]
OX Security: Leading the Way in Application Security Posture Management (ASPM)
As organizations face increasing challenges in securing their software development environments, OX Security has emerged as a leader in Application Security Posture Management (ASPM), according to the recently published Frost Radar™: Application Security Posture Management, 2024. With our innovative approach to application and software supply chain security, the Active ASPM OX Platform has not only […]
Navigating the Challenges of Vulnerability Management: Reachability Analysis Explored
In today’s cybersecurity landscape, managing vulnerabilities is more complex than ever. As the number of reported vulnerabilities continues to grow, it’s crucial to understand which vulnerabilities pose real threats and which are mere nuisances. This article explores several key concepts that impact software vulnerability management, from the importance of reachability analysis to the pros and […]
Eight Reasons Why a Data Fabric Will Improve Your AppSec
The current state of application security is a bit like trying to solve a 1,000-piece puzzle that doesn’t include all the pieces. In the early days of AppSec, standalone tools were invented to tackle specific threats. Those tools served their purpose for the time and all was well. However, over time, as software development changed, […]
CNAPP and ASPM — Friends or Foes?
The backstories of AppSec and cloud security
In an industry that moves so quickly and pivots so frequently, it’s easy to forget that the term and discipline of application security (AppSec) emerged in the late 1990s and early 2000s. Driven by what was considered rapid web application growth at the time, the Open Web Application […]
Using OSC&R and ASPM to Perform a Digital Learning Loop with Agentless ADR
Digital Learning Loops (DLLs) are gaining attention for their role in continuously enhancing processes through iterative learning and feedback. In application security (AppSec), a DLL initiates by collecting data from various security processes and system interactions.
How a DLL works in AppSec
In application security (AppSec), a Digital Learning Loop (DLL) begins by collecting […]
Five Gartner Reports. Four Categories. What Does OX Security Do Anyway?
Analyst firms play an important role in the tech vendor landscape. Their reports help buyers and would-be buyers learn about vendors and their offerings. In cybersecurity, in particular, buyers use analysts’ outputs to build shortlists prior to the kick-offs of their individual deep-dive evaluations — in some categories of tools, the field is simply […]
How ASPM Solutions Help Organizations Prepare for the EU’s DORA
The European Union’s Digital Operational Resilience Act (DORA), passed in late 2022, is set to take full effect by early 2025. DORA establishes new cybersecurity standards for financial institutions operating and doing business in the European Union (EU), given their heavy reliance on information and communications technology (ICT). Recognizing the systemic risks posed by ICT, […]
What Is Application Detection and Response (ADR)?
Application detection and response (ADR) is an emerging cybersecurity category that focuses on application visibility, protection, and remediation. ADR is a comprehensive and proactive approach to application security that incorporates automation, prioritization, and contextual analysis, and enables security and development teams to improve threat detection and incident response. The cybersecurity lingo landscape is filled with […]
A Top-Ten List You Don’t Want to Be On
OX Research Maps Most Common Supply Chain Vulnerabilities to Attacker TTPs
For our recent threat research report, OSC&R in the Wild: A New Look at the Most Common Software Supply Chain Exposures, we analyzed over 100,000,000 software supply chain alerts and mapped the most serious vulnerabilities to OSC&R, the first-of-its-kind threat matrix of TTPs used […]
The Essential Role of Multi-Layered Defense and Role Based Access Control: OX Security’s Enhanced RBAC Functionality
Many debates have been started about where to put the first layer of defense in cybersecurity. Do you start at the network layer? At the data layer? On the endpoint? Around the application? The reality is that cybersecurity isn’t an “either/or.” The only suitable solution for cybersecurity efficacy and resilience is to approach systems, humans, […]
Empower Your Developers with Software Supply Chain Security
Gartner names OX Security as representative vendor in Emerging Tech Impact Radar: DevOps report
The historical friction between software developers and cybersecurity teams is a thing of legend. Developers are traditionally focused on building new applications and updating production applications with cutting-edge features and functionality while ensuring they’re meeting tight deadlines. Security teams, on the […]
Understanding Your IT Dependencies: Unpacking the CrowdStrike Windows Outage
Happy almost weekend, everybody…or, not, if you’re in IT…or trying to travel…or get medical attention…or just get your work done and start the weekend off with a bang… Many of us have woken up to the news of a massive global outage caused by a CrowdStrike Falcon endpoint sensor update for Windows hosts. From airlines […]
Three Ways OX Security Helps You Achieve FedRAMP
Compliance mandates are a fact of life for security teams. There is no shortage of rules and regulations businesses must meet to certify that their organizations are architecting to specified standards for data handling, access controls, testing and auditing, and so much more. Over the years, cybersecurity teams have bemoaned the fact that “compliance does […]
A Playbook for Detecting the OpenSSH Vulnerability – CVE-2024-6387 – regreSSHion
The Qualys Threat Research Unit has discovered a new “high” severity signal handler race condition vulnerability in OpenSSH’s server software (sshd). According to the research, this vulnerability could allow unauthenticated remote code execution (RCE) on glibc-based Linux systems. This CVE has the potential to affect 14 million servers. Exploitation of this bug, […]
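As an added example (not code from the original post or from OX Security), the first step of a detection playbook for CVE-2024-6387 is triage by sshd version string. The affected ranges below are taken from the Qualys advisory, not from this page: versions before 4.4p1 (unless already patched for CVE-2006-5051), and 8.5p1 up to but not including 9.8p1, where the earlier fix was unintentionally reverted. The sample banners are constructed for the demo, and the host names are hypothetical.

```python
import re
import socket

# Affected upstream version ranges for CVE-2024-6387, as published in the
# Qualys advisory (assumption carried in from the advisory, not from the page):
#   < 4.4p1          vulnerable unless patched for CVE-2006-5051
#   4.4p1 .. 8.4p1   not vulnerable (the 2006 fix was still present)
#   8.5p1 .. 9.7p1   vulnerable (the fix was accidentally removed)
#   >= 9.8p1         fixed
_VULN_LOW_MAX = (4, 4, 1)
_VULN_HIGH_MIN = (8, 5, 1)
_FIXED_MIN = (9, 8, 1)

_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Constructed sample banners (hypothetical hosts); not data from the page.
SAMPLE_BANNERS = {
    "host-a": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "host-b": "SSH-2.0-OpenSSH_9.8p1",
    "host-c": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "host-d": "SSH-2.0-OpenSSH_4.3",
    "host-e": "SSH-2.0-dropbear_2022.83",
}


def parse_openssh_version(banner):
    """Return (major, minor, portable_patch) parsed from an sshd banner,
    or None when the banner is not OpenSSH. A missing 'pN' suffix is p0."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch else 0)


def classify_banner(banner):
    """Triage one banner by upstream version only:
    'not-openssh', 'likely-vulnerable', or 'not-vulnerable'."""
    v = parse_openssh_version(banner)
    if v is None:
        return "not-openssh"
    if v < _VULN_LOW_MAX or _VULN_HIGH_MIN <= v < _FIXED_MIN:
        return "likely-vulnerable"
    return "not-vulnerable"


def fetch_banner(host, port=22, timeout=3.0):
    """Read the identification line from a live sshd. The offline demo below
    does not call this; it is here for running the triage against real hosts."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = s.recv(256)
    return data.decode("ascii", errors="replace").strip()


def triage(banners):
    """Map host -> classification for a dict of host -> banner."""
    return {host: classify_banner(b) for host, b in banners.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {SAMPLE_BANNERS[host]} -> {verdict}")
```

A banner match is a triage signal, not proof: distributions backport the fix without changing the upstream version string, so a host reporting 9.6p1 may already be patched, and the check must be confirmed against the installed package version and the vendor advisory. The exploit was also demonstrated on glibc-based Linux; the Qualys advisory notes that OpenBSD is not affected.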
Third-Party Trust Issues: AppSec Learns from Polyfill
By now, you’ve likely seen the LinkedIn posts, the media stories, and even some formerly-known-as “Tweets”: The latest exploit to hit front pages is the malicious use of polyfill.io, a popular CDN service that served JavaScript polyfills to a large number of websites. As per usual, there’s a ton of speculation about what’s happening. Is this the […]