Software Composition Analysis (SCA) identifies known vulnerabilities in third-party open source software components. It is not enough to assure that your apps are free from application layer vulnerabilities.
Why Legacy IAST Tools Will Fail Miserably When Testing Cloud-Native Web Applications.
Responsibility for app security is no longer in the hands of one owner; it's a joint effort. App security is distributed across many groups and different roles: Developers, AppSec and DevOps. So who's in charge of security? And how do you do it right?
Static application security testing (SAST) tools fail to provide the security measures required for cloud native apps. They lack context and are often limited to only one programming language, framework, or set of libraries.
Dynamic Application Security Testing (DAST) tools, and why they fail to successfully test cloud native apps for code vulnerabilities. DAST tools lack visibility into the communication layer of the app, container and cloud.
Recently, Oxeye’s research team discovered several scenarios where sensitive data was leaked through tracing and telemetry collection within cloud-native applications.
Herein is an overview of AST and the challenges that DAST, SAST, IAST, and SCA tools face when assessing vulnerabilities in cloud native applications.
Which approach should application security teams take to protect against Log4Shell? Oxeye helps identify, mitigate and provide context for the vulnerability in the Java logging package Log4j, also called LogJam (CVE-2021-44228).
Given the intricacies of cloud native apps, it's critical for organizations to prioritize security during their build phase.
OpenTelemetry is an open-source project by the Cloud Native Computing Foundation (CNCF).
Cloud native application vulnerabilities are not singular events, but rather complex flows. Our blog brings a few real-life examples from Shopify.
Over 500 million applications will be deployed using cloud-native approaches by 2023, according to IDC.