Are you ready to banish those never-ending vulnerability alerts and focus on what matters? Join us at the OWASP NYC Chapter to discuss how vulnerabilities can be prioritized with reachability analysis and how ASPM can help.
We invite you to an exclusive event on Mastering Reachability Analysis, where we’ll explore how to cut through the noise and identify the vulnerabilities that threaten your organization.
Download the presentation: https://phoenix.security/media/Path-to-0-Critical-Reacheability-analysis-masterclass.pdf
Full Video
Join us for this talk: WTH is Reachability Analysis Path to 0 real critical – Shave off 90% of our vulnerabilities with reachability analysis
The event is hosted by OWASP NYC and Perkins Coie / Phoenix Security
After-Event Pub (8:30 PM): Connolly’s, 121 W 45th St, New York, NY 10036
Location: Perkins Coie LLP – 1155 6th Ave, 22nd floor, New York, NY 10036
OWASP NYC
OWASP New York City Chapter, free to join, open to all. We meet to discuss & demonstrate web and browser-based vulnerabilities, tools & solutions. More information about the OWASP New York City Chapter can be found at https://owasp.org/www-chapter-new-york-city/
The OWASP Foundation is a global organization dedicated to building awareness and education around software security. We are a community of builders, breakers and defenders. To learn more about our global mission, check https://owasp.org
An Overview of OWASP, by Nancy Gariche: https://www.youtube.com/watch?v=XxntPxfJsdE
Talk Title
Mastering Reachability Analysis: Redefining Product Security, Bridging Application Security and Cloud Vulnerability Management
Event Crafted for OWASP NYC – New York City Chapter
Talk Summary
Is your security team drowning in alerts and triaging vulnerabilities that seem more myth than menace? You’re not alone. As AppSec and OpsSec merge into ProdSec, traditional vulnerability management is hitting its limits—especially with containerized environments and ever-more tangled architectures. Enter reachability analysis, a method to cut through the noise by focusing on vulnerabilities that are actually exploitable.
This talk demystifies the five key types of reachability analysis, guiding you on how to pick the ones that matter most to your environment. From code paths to containerized environments, we’ll show you how to transform an overwhelming vulnerability backlog into a streamlined security strategy.
Key Discussion Points
1. What Is Reachability Analysis in ASPM?
• Learn how to spot vulnerabilities that actually pose a threat in runtime.
• Discover how reachability fits into Application Security Posture Management (ASPM) to reduce noise.
2. The Five Types of Reachability Analysis
• Code Reachability: Checking if vulnerable code paths get executed.
• Library Reachability: Figuring out if those spooky library vulnerabilities are truly in play.
• Container Reachability: Zeroing in on whether container-based packages are used in runtime.
• Static Reachability: Identifying risks from the codebase and libraries, even before runtime.
• Runtime Reachability: Spotting vulnerabilities active in live environments.
3. Challenges in Implementation
• Complexity in bridging various ecosystems.
• Limited visibility in container deployments.
• Breaking free from the confines of old-school CWE classifications.
4. Leveraging Context and AI for Effective Vulnerability Management
• Using contextual deduplication to tame your vulnerability backlog.
• Employing cyber threat intelligence to flag truly exploitable weaknesses.
• Harnessing AI-driven insights to proactively remediate issues.
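As an added illustration of the code and library reachability checks listed above, plus the reachability-before-threat-intelligence prioritization the talk describes (example code, not from the talk, Phoenix Security or any named product): a static call-graph walk over a constructed sample program, then a ranking of constructed findings that puts reachable sinks ahead of unreachable ones before falling back to EPSS. The module names, sink names, finding ids and EPSS scores are assumed sample values.

```python
import ast
from collections import deque

# Constructed sample application (not from the page); parsed only, never executed.
APP_SOURCE = '''
import yaml, pickle

def load_config(path):
    with open(path) as f:
        return yaml.load(f)           # assumed vulnerable sink

def handle_request(req):
    return load_config(req["cfg"])    # entry point reaches load_config

def unused_helper(blob):
    return pickle.loads(blob)         # assumed vulnerable sink, never called
'''

# Constructed findings: id, the sink they concern, and an assumed EPSS score.
FINDINGS = [
    {"id": "CONSTRUCTED-1", "sink": "yaml.load", "epss": 0.30},
    {"id": "CONSTRUCTED-2", "sink": "pickle.loads", "epss": 0.90},
]

def build_call_graph(source):
    """Map each top-level function to the callee names it invokes (flow-insensitive; needs Python 3.9+ for ast.unparse)."""
    graph = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef):
            graph[node.name] = {ast.unparse(c.func) for c in ast.walk(node)
                                if isinstance(c, ast.Call)}
    return graph

def reachable(graph, entry):
    """Breadth-first closure of callee names starting from the entry function."""
    seen, queue = set(), deque([entry])
    while queue:
        for callee in graph.get(queue.popleft(), ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

def prioritize(findings, graph, entry):
    """Reachable sinks first, then higher EPSS first; unreachable findings drop to the bottom."""
    live = reachable(graph, entry)
    ranked = [{**f, "reachable": f["sink"] in live} for f in findings]
    return sorted(ranked, key=lambda f: (not f["reachable"], -f["epss"]))
```

Without the reachability step the 0.90-EPSS finding would top the list; with it, the lower-scored but actually reachable `yaml.load` finding is ranked first and the dead-code `pickle.loads` finding is deferred.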
Target Audience
• Application Security & Product Security Professionals
• Security Engineers and Vulnerability Management Teams
• CISOs, CTOs, and Technical Leads looking to optimize their security operations
• Anyone who’s tired of chasing phantom vulnerabilities and wants a clearer roadmap to real risk reduction
Takeaways
• Reachability 101: A crystal-clear grasp of how reachability analysis tackles vulnerability overload.
• Implementation Blueprint: Concrete steps for contextual deduplication and advanced threat intelligence.
• Static vs. Runtime: Understand how these two approaches complement each other for a holistic view.
• Actionable Roadmap: Integrate reachability analysis into your ASPM strategy for immediate efficiency gains.
Schedule
• 6:00 PM – Registration & Intro
• 6:15 PM – Main Talk & Q&A
• 7:50 PM – Raffle for Noise-Cancelling Headphones (Yes, it’s real!)
• 8:00 PM – Pizza, Drinks & Networking
• 8:30 PM – Optional Pub Hangout at Connolly’s
To make the event even more exciting, we will conclude with a quiz based on the presentation. Participants will have the chance to win fantastic prizes in our raffle, including:
We are thrilled to announce that Francesco Cipollone will be present at the event and will bring 10 copies of his book, “Building Resilient Application Security.” He will be signing these books for the lucky attendees. Don’t miss this exclusive opportunity to get a signed copy from the author himself. For more information about the book, visit Building Resilient Application Security.
Organizations often face an overwhelming volume of security alerts, including false positives and duplicate vulnerabilities, which can distract from real threats. Traditional tools may overwhelm engineers with lengthy, misaligned lists that fail to reflect business objectives or the risk tolerance of product owners.
Phoenix Security offers a transformative solution through its Actionable Application Security Posture Management (ASPM), powered by AI-based Contextual Quantitative analysis. This innovative approach correlates runtime data, combines it with EPSS and other threat intelligence, and applies the right risk to code and cloud, delivering a prioritized list of vulnerabilities.
• Automated Triage: Phoenix streamlines the triage process using a customizable 4D risk formula, ensuring critical vulnerabilities are addressed promptly by the right teams.
• Actionable Threat Intelligence: Phoenix provides real-time insights into vulnerabilities' exploitability, leveraging EPSS and combining runtime threat intelligence with application security data for precise risk mitigation.
• Contextual Deduplication with reachability analysis: Utilizing canary token-based traceability for network reachability and static and dynamic runtime reachability, Phoenix accurately deduplicates and tracks vulnerabilities within application code and deployment environments, allowing teams to concentrate on genuine threats.
By leveraging Phoenix Security, you not only unravel the potential threats but also take a significant stride in vulnerability management, ensuring your application security remains current and focuses on the key vulnerabilities.
Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.
Derek is an award-winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organization’s risk.
Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.
Since then, Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.
Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.
James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.
Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP Foundation.