Phoenix Security Features – March 2023 – Application Security & Vulnerability Management Improvement

The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security Features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform.

Application and cloud security and vulnerability management for Mach 2023 vulnerability

We are sure that you’ll find these quite interesting!

  • Manage your Vulnerabilities and Assets
    • Simplified App/Env creation flow
    • Create Apps/Envs directly from Asset screens
    • Update asset filters layout in Component forms
  • Productivity and User Experience
    • Updated Demo Data logic and feedback
    • User Experience Improvement
  • Integrations
    • Improve Snyk integration: capture SAST vulnerabilities.
    • Rebrand Code Inspector to Codiga
    • Update and realign existing integrations.

Manage your Vulnerabilities and Assets across application security and cloud security.

Simplified Application and Environment Creation

Currently, one of our key focus is the simplification of the platform’s workflows. The aim is to improve the user experience and minimise the effort required to model and manage your vulnerability and risk landscape inside Phoenix Security.

This release features a simplified Application creation flow, where non-essential configuration and decisions can be addressed later in the cycle. The screenshot below illustrates this: users must name the Application/Environment, select which assets form part of it and… done! All the other fields are optional.

Application and cloud security and vulnerability management for Mach 2023 vulnerability
Simplified application creation 3 steps
Simplified asset selection

Application and cloud security and vulnerability management for Mach 2023 vulnerability
simplified application creation in 3 steps

Now you have a full functions Application (or Environment) populated with a dynamic set of assets, vulnerabilities and risks assessed individually and as part of the Organisation.

Create Apps/Envs from the Assets screen.

Continuing with the “simplified flows” theme, this release introduces a new way of adding assets to applications and environments. The new flow allows users to create applications and components “on the fly” directly from the assets screens.

Now you can select several assets from any Assets screens (from Unassigned view) and directly add them to an existing application or environment. Similarly, you can create a new App/Env for them or even create a new Component or Service inside an existing App/Env.

Quick Asset assignment

Application and cloud security and vulnerability management for Mach 2023
Quick Asset Assignment
Quick Asset assignment

Application and cloud security and vulnerability management for Mach 2023
Select the application or environment to assign and component
Application and cloud security and vulnerability management for Mach 2023

select assets

Update asset filter layout in Component forms.

We have been working to bring the latest asset selection capabilities to all areas of the platform. This process is completed with the update of the Component/Service creation and updates screens.

Users can now enjoy the same functionality and user experience across all asset filtering and selection areas when working on their application security and cloud security programmes.

Productivity and User Experience

Updated Demo Data logic and feedback

We want to ensure that our users can explore the benefits of Phoenix Security even before they connect to their scanners or load their data. That’s why we’ve always provided the Load Demo Data functionality.

However, working with static, fake data – and keeping track of it – is not always easy. That’s why there are limitations regarding when demo data can be loaded. And now, we are introducing additional controls and feedback to guide our users through the process.

Application and cloud security and vulnerability management for Mach 2023

demo data updated
Demo data upgraded

User Experience Improvement

Along with simplification, improving the user experience is another important focus for the Phoenix Security team. Great features are always important, but the small things sometimes make a big difference (the infamous “paper cuts”).

We have been working hard on small changes that significantly improve user experience, from additional loading animations and feedback to smother transitions.

Another area of improvement is reducing the “cognitive load” of the platform: previous knowledge is required to understand each screen and function. We will continue to work on these as we progress through our roadmap.

Integrations

Improve Snyk Integration: capture SAST vulns

Due to the structure of Snyk’s API, code vulnerabilities are not reported through the same API as the rest of the vulnerabilities. However, these SAST vulnerabilities have recently become available through a new API, so we wanted to ensure that our integration provides the complete details.

With this release, “code” Snyk projects will be processed using the new, dedicated API endpoints from Snyk. This means our users can now manage them inside Phoenix Security like they’ve done so far for other vulns.

Rebrand Code Inspector to Codiga

Our friends at Code Inspector have rebranded their platform to Codiga, and we want to ensure that our users recognise the new brand inside the Phoenix platform.

Codiga and SNYK security
Codiga Integration

Update and realign existing integrations.

As an ongoing effort, we are constantly updating our integrations to align with the latest changes to the scanners’ APIs. In this round, we have:

  • Dependabot: Aligned authentication credentials exchange with the latest API
  • Phoenix ZAP/WPScan: updated/improved configuration options

Get in control of your Application Security posture and Vulnerability management

Alfonso brings experience running international teams for multi-million dollar, technologically advanced projects for Telefónica, IBM and Vodafone. Alfonso joins with two decades of experience working for tech leaders, including at Dell EMC, Yahoo! and Intershop.

Discuss this blog with our community on Slack

Join our AppSec Phoenix community on Slack to discuss this blog and other news with our professional security team

From our Blog

Phoenix Security now integrates with Google Cloud (GCP) Security Center, enabling comprehensive vulnerability management and ASPM across GCP, AWS, and Azure. Prioritize and manage vulnerabilities with enhanced Lacework integration for container security and cloud misconfigurations.- Associate assets with multiple Applications and Environments – Mapping of vulnerabilities to Installed Software – Find Assets/Vulns by Scanner – Detailed findings Location information Risk-based Posture Management – Risk and Risk Magnitude for Assets – Filter assets and vulnerabilities by source scanner Integrations – BurpSuite XML Import – Assessment Import API Other Improvements – Improved multi-selection in filters – New CVSS Score column in Vulnerabilities
Alfonso Eusebio
Phoenix Security proudly announces the launch of advanced features designed to enhance Application Security Posture Management (ASPM), streamline vulnerability management, and improve vulnerability remediation campaigns. Our latest capabilities empower security teams to monitor and remediate vulnerabilities at scale, utilizing an advanced AI system that rapidly categorizes vulnerabilities and suggests optimal campaigns for scheduling. This new AI-driven approach aligns with our One Backlog feature and Security Champion initiative, both focused on remediating systemic vulnerabilities and reducing team burnout. Recognized as a Gartner Top ASPM provider in the Voice of the Customer 2024, Phoenix Security has collaborated with leading clients to develop innovative solutions that address the complexities of vulnerability remediation. Our campaigns facilitate real-time monitoring, improve collaboration across teams, and ensure that organizations can effectively respond to evolving security threats, including high-impact vulnerabilities like Log4j. Explore how Phoenix Security can transform your vulnerability management practices and enhance your organization’s overall security posture. – Mapping of vulnerabilities to Installed Software – Find Assets/Vulns by Scanner – Detailed findings Location information Risk-based Posture Management – Risk and Risk Magnitude for Assets – Filter assets and vulnerabilities by source scanner Integrations – BurpSuite XML Import – Assessment Import API Other Improvements – Improved multi-selection in filters – New CVSS Score column in Vulnerabilities
Francesco Cipollone
What the heck is ASPM and how modern ASPM address new challenges? In this article we explore Application Security Posture Management (ASPM) and how it has become essential for organizations looking to safeguard their applications throughout the software development lifecycle (SDLC). But what truly defines a modern ASPM solution? In this article, we delve into the typical ASPM vendors, explore edge cases, and outline the fundamental pillars that unite them. At Phoenix Security, we recognize the challenges posed by diverse organizational structures, making ASPM as much about data and culture as it is about vulnerability management. That’s why we’ve introduced our ONE BACKLOG feature, which merges security champion initiatives with vulnerability workflows into a single, actionable dashboard. This integration empowers security teams to maintain a comprehensive view of vulnerabilities across code, cloud, and other artifacts, streamlining prioritization and remediation efforts. ASPM is more than just a framework; it’s a proactive strategy that fosters collaboration between development, security, and operations teams. With benefits like unified visibility, risk-based prioritization, and continuous monitoring, organizations can effectively identify and address vulnerabilities, ensuring a robust security posture. Join us as we explore the future of ASPM, focusing on code-to-cloud native solutions, maximizing existing tools, and nurturing a culture of security that transcends traditional barriers. Learn how ASPM can revolutionize your approach to application security and enhance your organization’s resilience in an ever-evolving threat landscape.
Francesco Cipollone
Enhance your vulnerability management with Application Security Posture Management (ASPM) and reachability analysis. Discover how ASPM helps prioritize exploitable vulnerabilities, reduce security noise, and improve risk management. Learn about advanced techniques like code and container reachability, contextual deduplication, and Phoenix Security’s cutting-edge solutions for smarter, more effective application security.
Francesco Cipollone
Phoenix Security’s Application Security Posture Management (ASPM) introduces Reachability Analysis and Contextual Deduplication to revolutionize vulnerability management. These features help security teams prioritize risks by correlating vulnerabilities from code to runtime, focusing on what’s exploitable. With contextual deduplication, Phoenix reduces vulnerability noise by up to 95%, ensuring only real threats are addressed. Stay ahead with 4D Risk Quantification, combining business criticality, network, and runtime reachability for smarter, more effective security.- Associate assets with multiple Applications and Environments – Mapping of vulnerabilities to Installed Software – Find Assets/Vulns by Scanner – Detailed findings Location information Risk-based Posture Management – Risk and Risk Magnitude for Assets – Filter assets and vulnerabilities by source scanner Integrations – BurpSuite XML Import – Assessment Import API Other Improvements – Improved multi-selection in filters – New CVSS Score column in Vulnerabilities
Francesco Cipollone
Phoenix Security now integrates with Google Cloud (GCP) Security Center, enabling comprehensive vulnerability management and ASPM across GCP, AWS, and Azure. Prioritize and manage vulnerabilities with enhanced Lacework integration for container security and cloud misconfigurations.- Associate assets with multiple Applications and Environments – Mapping of vulnerabilities to Installed Software – Find Assets/Vulns by Scanner – Detailed findings Location information Risk-based Posture Management – Risk and Risk Magnitude for Assets – Filter assets and vulnerabilities by source scanner Integrations – BurpSuite XML Import – Assessment Import API Other Improvements – Improved multi-selection in filters – New CVSS Score column in Vulnerabilities
Alfonso Eusebio
Derek

Derek Fisher

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

Jeevan Singh

Jeevan Singh

Founder of Manicode Security

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

James

James Berthoty

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

christophe

Christophe Parisel

Senior Cloud Security Architect

Senior Cloud Security Architect

Chris

Chris Romeo

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

jim

Jim Manico

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

The IKIGAI concept
x  Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
ShieldPRO