Author: Francesco Cipollone

A ciso Perspective on application security how to action vulnerabilities. Jim Newman explores with francesco the meaning of a risk based driven approach on application security with context
Francesco Cipollone
Owasp top 10 has been a pillar over the years; sister to CWE – Common Weakness Enumeration we provide an overview of the top software vulnerabilities and web application security risks with a data-driven approach focused on helping identify what risk to fix first.
Francesco Cipollone
With cyber threats growing in sophistication, understanding exploitability has become crucial for security teams to prioritize vulnerabilities effectively. This article explores the key factors that influence the likelihood of exploits in the wild, including attack vectors, complexity levels, privileges required, and more. You’ll learn how predictive scoring systems like EPSS are bringing added dimensions to vulnerability analysis, going beyond static scores. We discuss the importance of monitoring verified threat feeds and exploiting trends from reliable sources, instead of getting distracted by unverified claims and noise. Adopting a risk-based approach to prioritization is emphasized, where critical vulnerabilities are addressed not just based on CVSS severity, but also their likelihood of being exploited and potential business impact. Recent major exploits like Log4Shell are highlighted to stress the need for proactive security. Equipped with the insights from this guide, you’ll be able to implement a strategic, data-backed approach to focusing on the most pertinent risks over the barrage of vulnerabilities.
Francesco Cipollone
The Securities and Exchange Commission (SEC) has proposed a change regarding cybersecurity disclosures and how they will impact public companies. The rules cover various topics, including cybersecurity, environmental, social, and governance issues. The proposed changes will reshape the cybersecurity function, with increased expectations around incident disclosure and response, board-level involvement, and supply chain scrutiny.
Francesco Cipollone
Explore the critical OpenSSH vulnerability, CVE-2023-38408, and learn how to safeguard your systems effectively. This guide provides an in-depth look at the vulnerability, its potential impact, and detailed steps to mitigate its risks. Discover how tools like Phoenix Security’s Vulnerability and Asset Management can help prioritize and act on such vulnerabilities swiftly
Francesco Cipollone

Resources

Listen to the latest AppSec Phoenix podcast

Get Started with AppSec Phoenix

Read the latest AppSec Phoenix news

Read the latest Blogs

Discover our events

Explore the talks

Discover Whitepapers

Read the latest News

Discover video resources

Welcome to Peace of Mind

Trusted by more than 1000 users and 380 organizations

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

x Logo: ShieldPRO
This Site Is Protected By
ShieldPRO