Attack Path Analysis Press Release

Press Release: Optimizing Application Security with OX Security’s Attack Path Reachability Analysis

attack path blog image

New Features Empower Organizations to Mitigate Risks in Software Supply Chains.


RSA CONFERENCE, SAN FRANCISCO — May 7, 2024 — OX Security, a leader in Active Application Security Posture Management (ASPM) and a founding member of the Open Software Supply Chain Attack Reference (OSC&R) framework, today unveiled its latest innovations: Attack Path Reachability Analysis, SaaS BOM, and API BOM. These new features provide enterprises with immediate insights into software supply chain risks originating from code, APIs, and cloud environments. By visualizing and mapping the attack path, users can adopt an adversary’s mindset, distinguishing between critical vulnerabilities and general hygiene issues to enhance risk mitigation. 

With a striking 742% increase in software supply chain attacks from 2019 to 2022, the urgency for proactive security measures has never been greater. However, AppSec teams continue to grapple with the overwhelming task of filtering through 90% of meaningless data brought on by a barrage of alerts without evidence. 

To tackle these issues, OX Security provides a new visualization and data layer that evaluates exploitability, applicability, and reachability even extending to the discovery of all APIs exposed by an organization’s applications. Unique to OX, this approach covers a broad spectrum of attack vectors, including vulnerabilities in third-party libraries, supply chain attacks on build systems, and compromised software updates, moving beyond the conventional tools that often burden AppSec teams with lengthy lists of issues.

“With OX Security’s latest advancements, we are not merely reacting to these challenges, we are preempting them,” states Neatsun Ziv, CEO and Co-Founder, OX Security. “This is about transforming how organizations protect themselves by providing not just data, but actionable insights; not just information, but a comprehensive understanding through the Attack Path which is connected by an AppSec Data Fabric. This is the future of security— intuitive, powerful, and absolutely essential.”

Features Include: 

Comprehensive Vulnerability Insights for Effective Threat Modeling: Detailed visualizations provide users the insight to dissect potential attack vectors, entry points, data flows, and the likely progression of an attacker from code to API, network, and cloud. This level of detail provides customers with crucial data on the direct impact and exploitability of identified issues, empowering them to focus on actual risks rather than theoretical severity.

Holistic Issue Review: Three tailored levels of security analysis — Code, API and Cloud Analysis — are integrated into one comprehensive evaluation. This unified approach not only deepens understanding of threats but also ensures that every potential risk is identified and assessed, enhancing the effectiveness of security measures.

Targeted Issue Prioritization Based on Reachability, Applicability, and Exploitability: Through proprietary data collection, de-duplication and normalization, risks are meticulously prioritized based on reachability, applicability, and exploitability. This strategic focus allows customers to concentrate their remediation efforts on the most accessible and critical vulnerabilities via APIs, SaaS, and cloud environments, significantly minimizing potential risks.

Real-time Cloud Monitoring and Artifact Management: The platform systematically tags applications based on their exposure and tracks artifacts to assess their activity in cloud environments, enabling customers to efficiently monitor and verify the operational status of artifacts and containers in the cloud.

Advanced Asset Inventory with SBOM+ and API/SaaS BOM Drill-Downs: Enhanced BOM capabilities provide a comprehensive review of libraries, API usage, and SaaS dependencies. These detailed inventories not only prevent surprises but also reduce manual tracking errors and ensure that users have immediate access to the most current insights, especially critical in managing third-party incidents.

“The integration of the Attack Path Reachability Analysis into the Active ASPM platform easily brings traditional security methodologies to AppSec teams, empowering organizations to strategically allocate resources to areas of greatest risk. This approach not only enhances the efficiency of AppSec, DevOps, and product teams but also magnifies their overall impact,” stated Lior Arzi, Chief Product Officer and Co-Founder of OX Security. 

Learn more at

About OX
At OX Security, we’re unifying application security (AppSec) with the first-ever Active ASPM platform, which ensures seamless visibility and traceability from code to cloud. Leveraging our proprietary Pipeline Bill of Material (PBOM) technology, OSC&R framework, and Attack Path Reachability Analysis, OX delivers comprehensive security coverage, contextualized prioritization, and automated response and remediation throughout the software development lifecycle. Recently recognized as a Gartner Cool Vendor and a SINET 16 Innovator, OX is trusted by dozens of global enterprises and tech-forward companies. Founded by industry leaders Neatsun Ziv, former VP of CheckPoint’s Cyber Security business unit, and Lior Arzi from Check Point’s Security Division, OX’s Active ASPM platform is more than a solution; it empowers organizations to take the first step toward eliminating manual AppSec practices while enabling scalable and secure development.


Suzanne Tuchler

Eskenzi PR for OX



Subscribe for updates