Understanding and Mitigating Software Supply Chain Risk
In today’s interconnected digital landscape, the security of the software supply chain has become a critical concern for organizations worldwide. The increasing reliance on third-party components, open-source libraries, and complex development ecosystems has expanded the attack surface, making software supply chain risk management an essential aspect of cybersecurity strategies. This comprehensive guide explores the nuances […]
The AppSec Arms Race: Are We Winning?
Application security testing has evolved significantly over the decades, adapting to emerging threats and the increasing complexity of software development processes. Read OX’s latest whitepaper to learn how AppSec has evolved and what your team can do to stay ahead of cyber criminals focused on software compromise and supply chain attacks. Are Security Teams Falling […]
Secrets Management Tools
Secrets management is hugely important to the security of the software and services you develop and use. We’re going to dig into what secrets management is, why it’s important, where you need to use it, and how to make it effective and easy to deploy. What is Secrets Management? “Secrets,” in the context of networking, […]
Introducing OX Security’s Cloud BOM
The intricacies of cloud environments make understanding and analysis highly complex. For many organizations, the continued migration to cloud—in particular, for software development purposes—imposes challenges to security and management. At OX Security, we’ve recognized the problem that exists between cloud security and application security, and we are excited to help our customers address the long-standing […]
Kubernetes’ Ingress-NGINX Nightmare — CVE-2025-1974: Patch Now or Risk Exposure!
CVE-2025-1974 is a critical security vulnerability identified in Kubernetes’ ingress-nginx controller. Under certain conditions, an unauthenticated attacker with access to the pod network can execute arbitrary code within the ingress-nginx controller’s context. This exploitation may lead to the disclosure of secrets accessible to the controller, which, in default installations, includes all cluster-wide secrets. Affected Kubernetes […]
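The first thing a practitioner wants after reading that summary is an inventory check. What follows is an added example, not code from the OX Security post or from the ingress-nginx project: it takes the JSON that `kubectl get deployments -A -o json` produces, finds ingress-nginx controller images, and compares each tag against the first fixed releases (v1.12.1 and v1.11.5 per the upstream Kubernetes announcement; the summary above does not list them). It also records whether the validating admission webhook is switched on, because disabling it is the documented stop-gap while an upgrade is pending. The deployment JSON below is constructed for the example, and the `--validating-webhook` argument check assumes the standard upstream manifest layout.

```python
import json
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed ingress-nginx releases for CVE-2025-1974 (per the upstream
# Kubernetes announcement). Assumption: no older release line received a fix.
FIXED_1_12: Version = (1, 12, 1)
FIXED_1_11: Version = (1, 11, 5)

_TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_controller_version(image: str) -> Optional[Version]:
    """Return (major, minor, patch) from an image reference, or None.

    Accepts 'repo:tag' and 'repo:tag@sha256:...'. A digest-only or untagged
    reference yields None so it is surfaced for manual review rather than
    silently treated as safe.
    """
    ref = image.split("@", 1)[0]                  # drop any pinned digest
    if ":" not in ref.rsplit("/", 1)[-1]:         # last path component carries no tag
        return None
    tag = ref.rsplit(":", 1)[1]
    match = _TAG_RE.match(tag)
    if not match:
        return None
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def is_patched(version: Version) -> bool:
    """True if the release carries the CVE-2025-1974 fix."""
    if version >= FIXED_1_12:
        return True
    return FIXED_1_11 <= version < (1, 12, 0)


def triage_deployments(deployments_json: str) -> List[Dict[str, str]]:
    """Flag every ingress-nginx controller container in kubectl JSON output.

    The admission-webhook column assumes the upstream manifest passes the flag
    as '--validating-webhook=...' in the container args.
    """
    findings: List[Dict[str, str]] = []
    for item in json.loads(deployments_json).get("items", []):
        meta = item["metadata"]
        for container in item["spec"]["template"]["spec"]["containers"]:
            image = container["image"]
            if "ingress-nginx/controller" not in image:
                continue
            version = parse_controller_version(image)
            if version is None:
                status = "unknown-version"
            elif is_patched(version):
                status = "patched"
            else:
                status = "VULNERABLE"
            webhook_on = any(
                arg.startswith("--validating-webhook=") for arg in container.get("args", [])
            )
            findings.append({
                "namespace": meta["namespace"],
                "deployment": meta["name"],
                "image": image,
                "status": status,
                "admission_webhook": "enabled" if webhook_on else "disabled",
            })
    return findings


# Constructed sample standing in for `kubectl get deployments -A -o json`.
SAMPLE_DEPLOYMENTS = json.dumps({"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "controller",
          "image": "registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:0000",
          "args": ["/nginx-ingress-controller", "--validating-webhook=:8443"]}]}}}},
    {"metadata": {"namespace": "edge", "name": "ingress-internal"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "controller",
          "image": "registry.k8s.io/ingress-nginx/controller:v1.11.5",
          "args": ["/nginx-ingress-controller"]}]}}}},
    {"metadata": {"namespace": "legacy", "name": "ingress-pinned"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "controller",
          "image": "registry.k8s.io/ingress-nginx/controller@sha256:1111"}]}}}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "web", "image": "nginx:1.27"}]}}}},
]})

if __name__ == "__main__":
    for finding in triage_deployments(SAMPLE_DEPLOYMENTS):
        print(f'{finding["namespace"]}/{finding["deployment"]}: {finding["status"]} '
              f'({finding["image"]}, admission webhook {finding["admission_webhook"]})')
```

An image pinned only by digest is reported as unknown rather than patched on purpose: a triage script that guesses "safe" when it cannot read a version is exactly the kind of check that lets a vulnerable controller stay in the cluster.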
CVE-2024-53104: Are You Really at Risk?
On February 5, 2025, CVE-2024-53104 was added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. Whenever a new “critical” and known-exploited vulnerability is listed, many cybersecurity teams panic and start the process of finding and fixing the issue. The question that security teams should be asking, however, is: Is CVE-2024-53104 truly a critical vulnerability for all Linux […]
Lessons from the PostgreSQL CVE-2025-1094 Exploitation
A newly disclosed vulnerability, CVE-2025-1094, has sent shockwaves through the cybersecurity community. The flaw, which impacts PostgreSQL, has already been exploited in real-world attacks, including an alarming breach involving BeyondTrust’s Remote Support SaaS. This incident underscores the growing trend of sophisticated cyber criminal campaigns targeting critical infrastructure and enterprise applications. The attack, which leveraged a […]
Pragmatic Approaches to AppSec: Balancing Tools, Budget and Talent
When accelerated software development lifecycles prioritize speed and functionality, how can you ensure optimal security without creating friction? Theory Meets Practice “The only secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards – but even then I have my doubts.” The […]
Handling AppSec Alerts: How to Focus on the 5% That Matters
The Holy Grail of cybersecurity is the ability to see, understand, and respond to business-impacting attack surface issues in real time and with laser precision. This quest has resulted in the development and deployment of thousands of commercially available tools and millions — if not billions — of data points produced by these products every […]
Drowning in Application Security Alerts? Prioritize What Matters with Unified AppSec
Cloud-native applications, sprawling infrastructure, and the explosion of open-source components used throughout the software development lifecycle (SDLC) create an expanding cyber attack surface. The bigger the surface area, the harder it is for security teams to identify every nook and cranny and all the potential threats lurking in those corners. But it’s not just sheer […]
Visibility in Application Security: A Key to Proactive Risk Management
The Importance of Visibility in Risk Management As AppSec continues to evolve, one thing remains constant: the critical importance of visibility. Without it, your organization is essentially flying blind, making decisions based on incomplete information and leaving itself vulnerable to significant risks. As we’ve seen time and again, from the Equifax breach to the SolarWinds […]
Everything you need to know to make DevSecOps work for your organization
Adding security as a key ingredient in a development project is hugely beneficial to any organization that develops software. Not only does baking in security-centric thinking and processes from the very start save significant costs over the entire lifecycle of the software, it also reduces the risk of systemic security flaws when they’re small, addressable […]
API Security Testing: What it is, Why it Matters
APIs enable seamless communications between different software systems. But with great flexibility comes insecurity. Here’s what you need to know about API security testing. There’s a reason why Application Programming Interfaces (APIs) are often described as “The backbone of modern applications”: They play a crucial role in enabling different software systems to communicate with each […]
How Static Application Security Testing SAST Tools Help Secure Software
What is a Static Application Security Testing (SAST) Tool? Static application security testing (SAST) tools analyze the source code, byte code, and binaries of an application in a static (non-running) state, checking for any potential security vulnerabilities or coding flaws. Usable in the earliest stages of development, SAST tools analyze code before the application is […]
Why AppSec Teams Need a Multi-Dependency Graph
Today, software development relies heavily on open-source dependencies to accelerate innovation and reduce time to market. However, these dependencies introduce hidden risks, particularly through transitive dependencies — the dependencies of dependencies. These nested relationships create an intricate web of interconnected components, making it difficult for AppSec teams to track vulnerabilities effectively. Without clear visibility, risks […]
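To make the transitive-dependency point concrete, here is an added example (not code from the OX post or from any OX product): it walks a lock-file-style dependency graph and, for a package a scanner has flagged, reports every chain from the application down to it, which direct dependencies carry it in, and which packages sit on every chain and are therefore the one place an upgrade would cut the exposure. The graph and package names below are constructed for the example and are not real packages or advisories.

```python
from typing import Dict, List, Set

Graph = Dict[str, List[str]]

# Constructed sample graph: package -> packages it depends on directly.
# Names are illustrative only, not real packages or real advisories.
SAMPLE_GRAPH: Graph = {
    "app":             ["web-framework", "http-client", "cli-kit"],
    "web-framework":   ["template-engine", "http-client"],
    "http-client":     ["url-parser", "charset-detect"],
    "cli-kit":         ["ansi-colors"],
    "template-engine": ["html-escape"],
    "url-parser":      ["charset-detect"],
    "charset-detect":  [],
    "html-escape":     [],
    "ansi-colors":     [],
}


def dependency_paths(graph: Graph, root: str, target: str) -> List[List[str]]:
    """Every acyclic chain root -> ... -> target, as lists of package names.

    Depth-first with a path-based cycle guard, so mutually dependent packages
    (which real ecosystems do contain) cannot make the walk loop forever.
    """
    paths: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        for dep in graph.get(node, []):
            if dep in path:          # already on this chain: cycle, skip
                continue
            if dep == target:
                paths.append(path + [dep])
            else:
                walk(dep, path + [dep])

    walk(root, [root])
    return paths


def direct_deps_carrying(paths: List[List[str]]) -> Set[str]:
    """First hop of each chain: the direct dependencies that pull the target in."""
    return {p[1] for p in paths if len(p) > 1}


def chokepoints(paths: List[List[str]]) -> Set[str]:
    """Packages that appear on every chain between root and target.

    Upgrading or replacing one of these removes the target everywhere; upgrading
    anything else leaves at least one chain intact. Empty when the target is a
    direct dependency on some chain, i.e. there is no transitive single point of fix.
    """
    interiors = [set(p[1:-1]) for p in paths]
    if not interiors:
        return set()
    return set.intersection(*interiors)


def max_depth(paths: List[List[str]]) -> int:
    """Longest chain length in hops; 0 when the target is unreachable."""
    return max((len(p) - 1 for p in paths), default=0)


if __name__ == "__main__":
    flagged = "charset-detect"      # pretend a scanner flagged this package
    chains = dependency_paths(SAMPLE_GRAPH, "app", flagged)
    for chain in chains:
        print(" -> ".join(chain))
    print("direct dependencies to review:", sorted(direct_deps_carrying(chains)))
    print("single point of fix:", sorted(chokepoints(chains)))
    print("deepest chain:", max_depth(chains), "hops")
```

A flat finding ("charset-detect is vulnerable") tells the team nothing about where to act; the graph shows the package arrives through two direct dependencies on four chains, all of which pass through http-client, so that is the one dependency whose upgrade (or whose own fix) actually resolves the alert.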
Five Reasons Standalone Vulnerability Scanning Isn’t Enough in 2025
Vulnerability scanning has long been a staple of cybersecurity programs, but relying on it as your primary defense against threat actors is a risky oversimplification. While scanning tools detect known weaknesses, they often fail to differentiate between theoretical risks and real-world threats. They don’t tell you which vulnerabilities are actually exploitable, how attackers would target […]
Your Guide to Static Application Security Testing (SAST)
SAST allows software developers and AppSec teams to identify software vulnerabilities early in the SDLC, before the software is deployed. Here’s what you need to know. In 1988, a computer science student at Cornell University wrote an experimental program designed to gauge the size of the internet. The consequences transformed the way the tech world […]
OX Security and the Future of Application Security Posture Management
The complexities of modern application security are undeniable. As software architectures become more intricate and development pipelines more diverse, the challenges of visibility, prioritization, and risk management grow exponentially. We believe the recent Gartner® Innovation Insight for Application Security Posture Management (ASPM) report shines a light on how organizations can address these challenges — and […]
OX Security: Empowering Executives with Actionable AppSec Insights
Application security posture management (ASPM) is no longer just a technical concern; it’s a critical business imperative. But how do you get executives, who are often focused on the bottom line, to truly grasp the importance of AppSec and invest in its success? The answer lies in clear, concise, and compelling executive reporting. OX Security […]
AppSec Tools: What They Do & How to Pick the Right One
What is AppSec? Application Security (AppSec), the process of protecting applications against malicious compromise, has become a critical factor in modern application development and deployment. Cyber attackers and their methods are evolving along with technology, and their attacks are becoming more sophisticated and more prevalent. In 2024 the average cost of a data breach was […]