How Risk Executives Can Prioritize Full Stack Technology Coverage Now

Security leaders have become increasingly clear on one thing: Application Security (AppSec) has grown more complex and complicated than ever before. With the rise of cloud computing, microservices, and continuous integration/continuous deployment (CI/CD) pipelines, the attack surface has expanded dramatically. More tools, more data, more potential vulnerabilities—it’s no wonder that many organizations are struggling to […]

Bridging the Gap: Integrating SOCs into Application Security for Enhanced Cyber Resilience

Historically, Security Operations Centers (SOCs) and Application Security (AppSec) programs have operated as distinct entities within the broader cybersecurity framework of an organization. SOCs have been the stronghold of real-time threat detection, analysis, and response, monitoring networks for signs of malicious activity and managing incident response to mitigate potential damage. Conversely, AppSec has focused on […]

Think CEOs Are Not Liable for Cyber Risk….Think Again

The Cybersecurity and Infrastructure Security Agency (CISA) recently released its new Secure Software Development Attestation Form. The announcement indicates an ongoing trend placing the cybersecurity onus on software vendors and their organization’s leadership, specifically their CEOs. This mandate is much more than a compliance checkbox. It’s a call to CEOs to foster a security culture […]

Eliminating Manual AppSec Practices with Active ASPM

OX Security has proudly announced the launch of our pioneering Active Application Security Posture Management (Active ASPM) platform. My pride in our team’s dedication and development in bringing this solution to life is boundless. Yet my focus is not intended to dive into all of the details of this release, though I may mention a […]

2023, the Year of the OX: Reflecting on a Year of Momentum

As we approach the close of 2023, it marks a moment for reflection, assessing our achievements, and expressing gratitude to those whose trust and collaboration have propelled OX Security forward. Despite the twists and turns, our team exhibited resilience, innovation, and substantial growth throughout the year. This success is a testament to the unwavering support […]

The Essential Guide to Correctly Implementing a Mandatory Access Control Model

Most enterprise software today runs in hybrid environments (a mix of on-premises data centers, private and public clouds) with data coming from multiple sources. The distributed nature of this software offers immense benefits in reliability and scalability. Still, it also presents new risks as organizations must manage sensitive and private data like login secrets, database […]

5 Azure Security Best Practices to Implement Today

Four in every five enterprises are set to increase their cloud budgets over the next 12 months. If everyone’s doing it, surely you’re thinking that it’s time to jump on the bandwagon.  The great thing about cloud migration is that it isn’t a bandwagon, a phase, or a fad that’s going to pass by. It’s […]

5 Top JavaScript Vulnerabilities You Need to Know

Netflix, Google Maps, and YouTube are just three of the millions of JavaScript users. As the most popular programming language in the world, 16.4 million developers use it, and it’s commonplace on almost every computing device on the planet.  But more users and popularity means more hackers attempting to access the code. Undetected flaws and […]

5 ways to limit exposure to critical OpenSSL vulnerability

About OpenSSL: Everyone depends on OpenSSL. OpenSSL makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and most other operating systems. It’s also what is used to lock down almost every secure communication and networking application and device on the market today. Because of its ease of use and, most […]

SDLC Security vs Compliance

Compliance and SDLC security are closely linked. Both share a commonality: managing risk. Though the two are used interchangeably, compliance is not necessarily security. You can be compliant but not secure. This post will explain the differences between compliance vs. SDLC security and why both are important for your business. Let’s dive in. What Is […]

A Guide to Protect You Against the Zip Slip Attack

Digital transformation drives everything in our daily lives.  Adoption of mobile is at the heart of this paradigm shift. For instance, mobile apps contributed to a staggering 230 billion total downloads in 2021, with over $170 billion spent on the app store. This trend only appears to grow and will reach 7.49 billion mobile users […]

5 Steps to Improve Your Cyber Risk Score

Today’s cyber-vulnerable world demands proactive strategies to eliminate cybersecurity risks. So why do organizations lack the IT security resources and awareness to tackle security issues?  Over 85% of organizations have witnessed a successful cyber attack in the last 12 months, according to the 2022 Cyberthreat Defense Report. Fines, reputational damage, and business loss are not […]

5 Ways SDLC Security has Changed in 2022

Developers, heads of security, and product teams are noticing significant changes. Similar to how quality assurance (QA) became part of the Software Development Life Cycle, security is also becoming part of the SDLC. However, despite this step in the right direction, a lack of processes and standardization, broken code, and bugs still pose huge hurdles […]