Francesco Cipollone, Author at Phoenix Security

Exploitability Pipeline Application Security Exploitability: A Deep Dive with a risk-based approach

A ciso Perspective on application security how to action vulnerabilities. Jim Newman explores with francesco the meaning of a risk based driven approach on application security with context

Francesco Cipollone

Phoenix Security Welcomes Cybersecurity Veteran Lee Vorthman to Its Advisory Board

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, welcomes Lee Vorthman, Ciso of ORACLE advertising to the advisory board

Francesco Cipollone

Phoenix Security Phoenix Welcomes Jim Manico, Cybersecurity leader, OWASP Pillar creator of OWASP Top 10

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, has added Jim Manico, creator of OWASP top 10, to its board.

Francesco Cipollone

OWASP Top 10 across the years: what are the exploited vulnerabilities

Owasp top 10 has been a pillar over the years; sister to CWE – Common Weakness Enumeration we provide an overview of the top software vulnerabilities and web application security risks with a data-driven approach focused on helping identify what risk to fix first.

Francesco Cipollone

Understanding the OWASP Top 10 across the Years: Common Weaknesses and Notorious Attacks

Francesco Cipollone

Understanding CISA Top Routinely Exploited Vulnerability 2022: Key Insights and Trends for Vulnerability Management

Dive into the world of vulnerability exploitability with insights from CISA KEV, enhanced by powerful data visualizations and a deep dive into dominant vendors.

Francesco Cipollone

Understanding Vulnerability Exploitability: Focusing on What Matters Most in Cybersecurity, CISA KEV Exploit DB, Zero Day and more

With cyber threats growing in sophistication, understanding exploitability has become crucial for security teams to prioritize vulnerabilities effectively. This article explores the key factors that influence the likelihood of exploits in the wild, including attack vectors, complexity levels, privileges required, and more. You’ll learn how predictive scoring systems like EPSS are bringing added dimensions to vulnerability analysis, going beyond static scores. We discuss the importance of monitoring verified threat feeds and exploiting trends from reliable sources, instead of getting distracted by unverified claims and noise. Adopting a risk-based approach to prioritization is emphasized, where critical vulnerabilities are addressed not just based on CVSS severity, but also their likelihood of being exploited and potential business impact. Recent major exploits like Log4Shell are highlighted to stress the need for proactive security. Equipped with the insights from this guide, you’ll be able to implement a strategic, data-backed approach to focusing on the most pertinent risks over the barrage of vulnerabilities.

Francesco Cipollone

The Securities and Exchange Commission (SEC) proposed a report and consequences

The Securities and Exchange Commission (SEC) has proposed a change regarding cybersecurity disclosures and how they will impact public companies. The rules cover various topics, including cybersecurity, environmental, social, and governance issues. The proposed changes will reshape the cybersecurity function, with increased expectations around incident disclosure and response, board-level involvement, and supply chain scrutiny.

Francesco Cipollone

Understanding OpenSSH’s Agent Forwarding CVE-2023-38408: A Comprehensive Guide

Explore the critical OpenSSH vulnerability, CVE-2023-38408, and learn how to safeguard your systems effectively. This guide provides an in-depth look at the vulnerability, its potential impact, and detailed steps to mitigate its risks. Discover how tools like Phoenix Security’s Vulnerability and Asset Management can help prioritize and act on such vulnerabilities swiftly

Francesco Cipollone

CVE-2023-3519 Update on Critical RCE in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway)

CVE-2023-3519 Update on Critical RCE in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway) details on vulnerability timeline and compromise

Francesco Cipollone

Understanding the 2023 CWE Top 25 Most Dangerous Software Weaknesses and application security patterns over the Years

🔒 Exciting research on software vulnerabilities! We analyzed CWE vulnerability scores and found fascinating insights into the evolving landscape of software security. Our study reveals positive trends and challenges in securing software systems. Check out our report! 💻🔬 #SoftwareSecurity

Francesco Cipollone

Author: Francesco Cipollone

Exploitability Pipeline Application Security Exploitability: A Deep Dive with a risk-based approach

Phoenix Security Welcomes Cybersecurity Veteran Lee Vorthman to Its Advisory Board

Phoenix Security Phoenix Welcomes Jim Manico, Cybersecurity leader, OWASP Pillar creator of OWASP Top 10

OWASP Top 10 across the years: what are the exploited vulnerabilities

Understanding the OWASP Top 10 across the Years: Common Weaknesses and Notorious Attacks

Understanding CISA Top Routinely Exploited Vulnerability 2022: Key Insights and Trends for Vulnerability Management

Understanding Vulnerability Exploitability: Focusing on What Matters Most in Cybersecurity, CISA KEV Exploit DB, Zero Day and more

The Securities and Exchange Commission (SEC) proposed a report and consequences

Understanding OpenSSH’s Agent Forwarding CVE-2023-38408: A Comprehensive Guide

CVE-2023-3519 Update on Critical RCE in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway)

Understanding the 2023 CWE Top 25 Most Dangerous Software Weaknesses and application security patterns over the Years

Resources

Welcome to Peace of Mind

Subscribe Newsletters

About us

ACT Now Platform

Use Cases

Resources

Join our Mailing list!