Oxeye has announced the availability of its Cloud Native Application Security Testing (CNAST) platform. The application security platform identifies custom code and open-source vulnerabilities and software secrets to reveal the critical, exploitable security issues as an integral part of the software development lifecycle. As a result, developers and application security teams receive clear insights that accelerate proper mitigation.
With a large number of organizations today hosting application workloads in the cloud, it is imperative that application security be implemented to accommodate the unique security requirements of cloud-based applications. Meeting this challenge head-on, the Oxeye Cloud Native Application Security Testing platform is built from the ground up with the same high degree of agility and scale of cloud infrastructure to address the pervasive number of vulnerabilities materialising in these environments.
Cloud native application security testing by Oxeye is focused on the cloud native segment of the AST market. This is imperative as AppSec and DevSecOps professionals are confronted with millions of cloud-native apps industry-wide. In order to protect this new application architecture, the next-generation application manager will be required to conduct proper infrastructure hygiene. To this end, Oxeye supports scalable, ever-changing environments and automatically adapts to changes for an agile testing scope without changes to code or the need to manually intervene.
“Oxeye’s approach allows us to embed context-aware, application security testing at the most critical point of our development cycle,” said Omer Azaria, VP of Engineering, Sysdig. “This leaves no stone unturned as the solution analyzes all potential applicative threats. Included is the deep mapping of all app components and how they communicate with each other; lightweight intelligent testing for active validation, and the context we need in order to map the findings back to teams and dev owners.”
Key capabilities include:
- Cloud Native Application software bill of materials (SBOM) – Through Oxeye’s unique integration into each application, the platform provides users with an elaborate software bill of materials, deep from within cloud-native environments.
- Cloud Native Application Security Testing Built for Modern Architectures – Oxeye analyzes application code across microservices to identify code vulnerabilities, vulnerable 3rd party packages, and hardcoded secrets as part of the software development lifecycle for clear guidance that enables accurate remediation.
- Multi-Layer and Multi-Service Identification of Exploitable Vulnerabilities – Provides Runtime Code Analysis with no code changes, Vulnerable Flow Analysis to detect vulnerabilities across application microservices, and Active Validation with automatic creation and execution of security tests to validate vulnerabilities prior to reporting.
- Contextual Risk Assessment – Enriches data with infrastructure configuration information from the container, cluster, and cloud layers to calculate risks based on Internet accessibility, sensitive data processing, flawed configuration, etc.
- Clear Remediation Guidance for Developers – Provides developers with application analysis in runtime to reproduce each step of vulnerability exploitation, delivery of the exact line of code where the vulnerability is executed, and vulnerability flow visibility for accurate execution flow tracing that allows for fast identification and remediation of actual issues.
“Modern applications introduce major challenges to Application Security leaders, with prioritization, visibility, and collaboration on top,” said Dean Agron, Co-Founder and CEO of Oxeye. “The Oxeye platform is the best option for modern application security testing as its vulnerability detection accuracy is second to none. The powerful solution greatly reduces security risk throughout every stage of software development and deployment, alongside providing clear visibility into the application structure and building blocks.”
Oxeye Cloud-Native AST is generally available as of this release. The company invites developers, DevSecOps and other interested parties to learn more by visiting https://www.oxeye.io/solution. To receive a personalized demo, please visit https://www.oxeye.io/get-a-demo.