Contextualize Prioritize and ACT ON RISK
Login
Get Access
Demo

Resources

Cyber Risk
Defenders Club Resources

Discover the latest events, conferences, research from the Phoenix Security team, and collaborative papers from the Cyber Risk Defender Club members.
Download all the whitepaper data sheets and conference material.
It’s time to build better Application Security and Cloud Security programs together

Start Guide

double arrow

Quick Start

icon

Integration Guide

icon

Integrations

icon

Manage Application

icon

Vulnerability Page

Dashboard

JOIN the CYBER RISK
DEFENDERS CLUB today

avatar

Join Phoenix Security Community

Exchange Material and get up to speed with the latest application security trends

avatar
Join our community here
avatar

White Papers​

Books-whitepaper-covers

SLA are dead long live SLA – Data driven approach on Vulnerabilities

Download
Books-whitepaper-covers

Building Resilient Application and cloud security programs 

Download
Books-whitepaper-covers

NIS2 Regulation – Impact on Vulnerability Management

Download
Books-whitepaper-covers

Vulnerability maturity model and how to implement application security and vulnerability management at scale 

Download
Dora-Books

DORA 2 Upcoming regulation on Critical resilience for Banking and Fintech 

Download
Books-whitepaper-covers

Building Application & Cloud security programs 

Download
Books-whitepaper-covers

Vulnerability Management at scale & the power of context-based prioritization

Download

Data explorers

owasp preview
Explore OWASP Vulnerability Intelligence
CWE
Explore CWE Vulnerability Intelligence
cisa top exploited vulenrabilities CISA KEV vulnerabilities used in ransomware for vulnerability management and application security program ransomware cwe
Explore CISA KEV Vulnerability Intelligence
Exploitability
Explore Exploitability Vulnerability Intelligence

Data Sheet and Reference materials

whitepaper_Dark

Tech-sheet

Download
Datasheet

Datasheet

Download
e-book

E-book

Download
video tour

Getting started video tour

Watch the video

From our Blog

DAY6 TeamPCP Attack, devsecops, ASPM, application security, vulnerability management, supply chain attack, LiteLLM compromise, PyPI malware, CI/CD compromise, reachability analysis, attack surface management, exposure management, TeamPCP, Trivy compromise, Checkmarx KICS, CanisterWorm, Kubernetes lateral movement, credential harvesting, AI gateway security
  • 24th March 2026

TeamPCP Attack day 6 Backdoors LiteLLM: Your AI Gateway Just Became the Attack Vector

Day 6 of TeamPCP Attack. TeamPCP has crossed the Rubicon from CI/CD tooling into production AI infrastructure. LiteLLM versions 1.82.7 and 1.82.8 on PyPI contain a three-stage credential stealer that harvests SSH keys, cloud secrets, and Kubernetes tokens, deploys privileged pods across every node in your cluster, and installs a persistent backdoor polling for additional payloads. If you run LiteLLM in any environment, check your installed version right now.
Francesco Cipollone
Evolution of Team PCPC Attack: devsecops, ASPM, application security, vulnerability management, supply chain attack, GitHub Actions security, CI/CD compromise, reachability analysis, attack surface management, exposure management, TeamPCP, Trivy compromise, Checkmarx KICS, CanisterWorm, npm malware, ICP blockchain C2
  • 24th March 2026

TeamPCP’s Five-Day Siege: How One Stolen Token Cascaded Across GitHub Actions, Checkmarx, VS Code Extensions, and npm

In five days, a single stolen GitHub token became a cascading supply chain compromise spanning Trivy, Checkmarx, OpenVSX, and npm. TeamPCP force-pushed 110+ malicious tags, backdoored container images, weaponised VS Code extensions against local coding agents, and launched a self-propagating npm worm using blockchain C2. If your CI/CD pipelines reference any of these tools by version tag, assume compromise.
Francesco Cipollone
Diagram showing Phoenix Security AI remediation engine transforming many container vulnerability findings into a small set of structured remediation actions.
  • 10th March 2026

Phoenix Security Launches AI-Powered Remediation Engine: Surgical Container-to-Code Fixes Without Deploying a Single Agent #2

Phoenix Security announced the general availability of its AI-powered Remediation Engine, enabling agentless container vulnerability remediation aligned with CTEM principles. By correlating container lineage to build files, the platform reduces SCA noise by up to 91% and generates precise remediation actions engineers and AI agents can execute instantly.
Francesco Cipollone
DevSecOps vulnerability remediation platform visualizing dependency graphs and consolidated security fixes across applications, containers, and cloud workloads
  • 9th March 2026

Remediation Is a Design Constraint: The Phoenix Security Philosophy

Phoenix Security approaches vulnerability management as a remediation engineering problem. By combining reachability analysis, contextual deduplication, and minimal-impact upgrades, Phoenix transforms hundreds of findings into a small set of changes engineers can actually ship.
Francesco Cipollone
Isometric cybersecurity architecture representing the evolution from ASPM to Continuous Threat Exposure Management in a dark enterprise-style illustration
  • 19th February 2026

Phoenix Security Named Leader in Application Security Management 2026

The 2026 Latio Application Security Market Report signals a decisive shift from traditional ASPM to Continuous Threat Exposure Management (CTEM), redefining how enterprises reduce exposure, validate runtime risk, and drive remediation at scale.
Francesco Cipollone
Sha1-Hulud 3.0 Phoenix Security
  • 5th January 2026

Beat Sha1-Hulud 3.0 Before It Ships Your Secrets

Sha1-Hulud V3.0 is not a typical vulnerability — it’s a malicious npm package that executes on install, steals CI and cloud credentials, and weaponizes npm and GitHub tokens to spread further. If it touched your build system, assume compromise.
Francesco Cipollone
View all blog posts

Talks

View more

Quick Start

23 Videos

Video resources

View more

Quick Start

6 Videos

Community Podcast on Application Security & Cloud Security

Join us as we dive into the future of Application Security (AppSec) and Vulnerability Management with James Berthoty. Discover insights on the evolution of AppSec, challenges in managing software vulnerabilities, and the role of Application Security Posture Management (ASPM) in today’s API-driven cloud environment. Listen now for expert analysis and practical solutions in cybersecurity.

  • 28th July 2024

CSCP S4EP19 – James Berthoty – What The heck is ASPM and the evolution of Product Security

Join us as we dive into the future of Application Security (AppSec) and Vulnerability Management with James Berthoty. Discover insights on the evolution of AppSec, challenges in managing software vulnerabilities, and the role of Application Security Posture Management (ASPM) in today’s API-driven cloud environment. Listen now for expert analysis and practical solutions in cybersecurity.
CSCP S4EP18 - Marius Poskus

  • 7th July 2024

CSCP S4EP18 – Marius Poskus – Who mention about non-technical CISO – ASPM and Running application security programs from a CISO perspective

Explore the evolving landscape of application security and ASPM with Marius Poskus, VP at Glow Financial Services. Discover insights on the adoption of open-source code and AI, cultural shifts for DevSecOps, and challenges in maintaining consistent security programs. Sponsored by Phoenix Security, leaders in vulnerability management. Listen now for strategic approaches to managing application security and prioritizing critical issues to align with business goals. #Cybersecurity #AppSec #ProductSecurity #ASPM
Join cybersecurity expert Adam Shostack on the Cybersecurity and Cloud Podcast as he discusses Application Security Posture Management (ASPM), threat modeling, and proactive strategies for enhancing software security. Learn about the impact of government regulations, CISA’s approaches to vulnerability management, and balancing security with profit. Don't miss these insights to stay ahead in the cybersecurity landscape.

  • 16th June 2024

CSCP S4EP17 – Adam Shostack – Threat modelling in past and future with Adam Shostack from vulnerability to ASPM and modern application security

Join cybersecurity expert Adam Shostack on the Cybersecurity and Cloud Podcast as he discusses Application Security Posture Management (ASPM), threat modeling, and proactive strategies for enhancing software security. Learn about the impact of government regulations, CISA’s approaches to vulnerability management, and balancing security with profit. Don’t miss these insights to stay ahead in the cybersecurity landscape.
CSCP-S4EP16

  • 26th May 2024

CSCP S4EP16 – Irene Michlin – Threat Modelling in the Age of AI

“Discover the crucial role of threat modeling in application security with insights from Irene Michlin, application security lead at Neo4j. Learn how integrating developer perspectives and leveraging AI can enhance your security practices. Join the conversation on the Cybersecurity and Cloud Podcast and explore actionable strategies for robust application security. #Cybersecurity #ThreatModeling #ApplicationSecurity #AI #DevSecOps”

  • 12th May 2024

CSCP S4EP15 – Akira Brand – Singing the Tune of Application Security with Akira Brand

Delve into Application Security Program Management (ASPM) with Akira Brand on the Cybersecurity and Cloud Podcast. Discover how her unique opera background enriches her approach to security, enhancing application safety in a cloud-driven world. Tune in for expert insights on evolving AppSec to product security, the critical role of threat modeling, and strategies for building a resilient security culture.
View all podcasts

Start doing what matters today

Listen to the latest Phoenix Security  podcast

Listen to the latest Phoenix Security podcast

Read More
Guides

Get Started with Phoenix Security

Read More
News

Read the latest Phoenix Security news

Read More
Blog

Read the latest Blogs

Read More
Events

Discover our events

Read More
Talks

Explore the talks

Read More
Whitepapers

Discover Whitepapers

Read More
News

Read the latest News

Read More
Videos

Discover video resources

Learn More

Get in control

More than 1000 Users and 350 Organizations trust us

ACT Now
Request a demo
Dashboard

Phoenix Security Selected as Leader for ASPM in 2026 LATIO Application Security Report. Get your copy here -> 

Derek

Derek Fisher

Linkedin

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

Jeevan Singh

Jeevan Singh

Linkedin

Founder of Manicode Security

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

James

James Berthoty

Linkedin

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

christophe

Christophe Parisel

Linkedin

Senior Cloud Security Architect

Senior Cloud Security Architect

Chris

Chris Romeo

Linkedin

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

jim

Jim Manico

Linkedin

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

The IKIGAI concept
x Powerful Protection for WordPress, from Shield Security PRO
This Site Is Protected By
Shield Security PRO