What is Application Security Posture Management (ASPM)

Application Security Posture Management (ASPM) is a strategy designed to unify and improve the security of your applications. It pulls together various security practices, like static application security testing (SAST), software composition analysis (SCA), secrets detection, and infrastructure as code (IaC), into a single, cohesive platform.

That was then, this is now… Modernizing AppSec in Fast-Paced Development Environments

You are the weakest link. Hello. Ninety-one percent of organizations experienced at least one software supply chain security incident in 2023. Chances are the other 9% are riding their luck: The average organization has nine high, critical or apocalyptic risks within their supply chain. At the heart of the problem: Companies that aren’t […]

How to Align Infosec to Business Operations: Sam Curry’s Cybersecurity Playbook for Executives

This cybersecurity playbook is inspired by Sam Curry’s insights on the crucial role of building relationships in cybersecurity to affect change in information security and the business. He recently shared his recommendations on cyberOXtales Podcast, highlighting the significance of trust, alignment, and intimacy in fostering effective relationships within and outside the cybersecurity team. The Playbook […]

Managing Transitive Vulnerabilities

Transitive vulnerabilities are developers’ most hated type of security issue, and for good reason. It’s complicated enough to monitor for and fix direct vulnerabilities throughout the software development lifecycle (SDLC). When software is dependent on third-, fourth-, and Nth-party components (and most software is), the long tail of risk can seem endless. To understand transitive vulnerabilities, […]

Effective Incident Response: A Cybersecurity Playbook for Executives

This cybersecurity playbook is inspired by David Cross’s insights on how to best handle a potential incident that could have been caused by what seemed to be a suspicious email sent to a marketing team. He recently shared his recommendations on CyberOXtales Podcast, highlighting the importance of having a clear playbook for incident response, determining […]

Unpacking Log4j: A Cybersecurity Playbook for Executives

This cybersecurity playbook is inspired by Amy Chaney’s experience with a major cybersecurity event that rattled the industry not too long ago: the infamous Log4Shell vulnerability. She recently shared her firsthand account on CyberOxTales Podcast of being in the thick of things at JPMorgan Chase during the crisis. From understanding the intricacies of vulnerabilities to […]

Press Release: OX Security and HCLSoftware Announce Strategic Partnership to Launch AppScan Supply Chain Security

New OEM Capabilities Empower Organizations to Deliver a Modern Approach to Application Security. New York, NY, and Tel Aviv, Israel – May 7, 2024 – Today, OX Security, the largest Active Application Security Posture Management (Active ASPM) provider, unveils a strategic OEM partnership program, kicking off with HCLSoftware. This collaboration marks a significant milestone […]

What to Consider When Choosing a Software Composition Analysis (SCA) Tool

Given the widespread use of third-party components in application development, identifying and remediating code vulnerabilities as early in development as possible is critical. As a result, many organizations turn to SCA tools. However, traditional ones often deliver superficial code analysis that floods developers with irrelevant or non-actionable alerts, including numerous false positives. As you search […]