Login
Get Access
Demo

Resources

Explore Resources on Application and Cloud Security

Discover the latest events, conferences, research from the Phoenix team on application and cloud security.
Download all the whitepaeprs data sheet and conference material.
Time to build better Application Security and Cloud Security programmes.

White Papers

SLA are dead long live SLA – Data driven approach on Vulnerabilities

Download

Vulnerability Management at scale & the power of context based prioritiz…

Download

Application & Cloud security program

Download

Content Risk and prioritization.
Do’s and don’ts

Download

Data Sheet and Reference materials

Tech-sheet

Download

Datasheet

Download

E-book

Download

Getting started video tour

Watch the video

From our Blog

Lee-Vorthman CISO Oracle Cloud joins Phoenix Security Advisory Board former Pearson Vue
  • 2nd October 2023

Phoenix Security Welcomes Cybersecurity Veteran Lee Vorthman to Its Advisory Board

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, welcomes Lee Vorthman, Ciso of ORACLE advertising to the advisory board
Francesco Cipollone
OWASP Top 10 Common Weakness Enumeration Web application security risks Software vulnerabilities Cybersecurity best practices Real-world cyberattacks Mitigating security risks
  • 25th September 2023

OWASP Top 10 across the years: what are the exploited vulnerabilities

Owasp top 10 has been a pillar over the years; sister to CWE – Common Weakness Enumeration we provide an overview of the top software vulnerabilities and web application security risks with a data-driven approach focused on helping identify what risk to fix first.
Francesco Cipollone
  • 18th September 2023

Phoenix Security Features – August/September 2023 – Risk-based formula, Magnitude, Application Security & Vulnerability Management Improvement

The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform. Asset and Vulnerability Management – Associate assets with multiple Applications and Environments – Mapping of vulnerabilities to Installed Software – Find Assets/Vulns by Scanner – Detailed findings Location information Risk-based Posture Management – Risk and Risk Magnitude for Assets – Filter assets and vulnerabilities by source scanner Integrations – BurpSuite XML Import – Assessment Import API Other Improvements – Improved multi-selection in filters – New CVSS Score column in Vulnerabilities
Alfonso Eusebio
Top Exploited vulnerability, Github top exploits, Vulnerability management, Risk-based prioritization, Likelihood of exploitation, Exploit prediction scoring system (EPSS), EPSS, Common weakness enumeration (CWE), CWE, Common weakness scoring system (CWSS), CVSS scores, Verified exploits, Exploits in the wild, Cyber threat intelligence, Vulnerability assessment, Vulnerability exploitability, Cyber risk management, Patch management, Zero day exploits, Software vulnerabilities, Cybersecurity threats, CISA, CISA KEV, Exploitation,
  • 20th August 2023

Understanding Vulnerability Exploitability: Focusing on What Matters Most in Cybersecurity, CISA KEV Exploit DB, Zero Day and more

With cyber threats growing in sophistication, understanding exploitability has become crucial for security teams to prioritize vulnerabilities effectively. This article explores the key factors that influence the likelihood of exploits in the wild, including attack vectors, complexity levels, privileges required, and more. You’ll learn how predictive scoring systems like EPSS are bringing added dimensions to vulnerability analysis, going beyond static scores. We discuss the importance of monitoring verified threat feeds and exploiting trends from reliable sources, instead of getting distracted by unverified claims and noise. Adopting a risk-based approach to prioritization is emphasized, where critical vulnerabilities are addressed not just based on CVSS severity, but also their likelihood of being exploited and potential business impact. Recent major exploits like Log4Shell are highlighted to stress the need for proactive security. Equipped with the insights from this guide, you’ll be able to implement a strategic, data-backed approach to focusing on the most pertinent risks over the barrage of vulnerabilities.
Francesco Cipollone
  • 12th August 2023

Phoenix Security Features – July 2023 – Application Security & Vulnerability Management Improvement

The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform. Improved Management your Vulnerabilities and Assets Display “Closed” vulnerabilities list page Display vulnerability stats in Asset screens Override asset exposure for whole Apps/Envs Filter on-screen dynamic statistical and insights Risk-based Posture Management Update risk formula structure Update Vuln risk formula factors Integrations Configure “vulnerability types” fetched from SonarCloud/SonarQube Users can manually trigger a “scanner refresh” Update Jira tickets when the associated vulnerability is closed Other Improvements Handle large number of items in Treemap chart Improved scanner flow: don’t fetch targets until needed Improved performance of MTTR queries
Alfonso Eusebio
SEC Rule, Report, Cyber, Cybersecurity,
  • 2nd August 2023

The Securities and Exchange Commission (SEC) proposed a report and consequences

The Securities and Exchange Commission (SEC) has proposed a change regarding cybersecurity disclosures and how they will impact public companies. The rules cover various topics, including cybersecurity, environmental, social, and governance issues. The proposed changes will reshape the cybersecurity function, with increased expectations around incident disclosure and response, board-level involvement, and supply chain scrutiny.
Francesco Cipollone
OpenSSH Vulnerability, CVE-2023-38408, SSH Agent Forwarding, OpenSSH's Agent Forwarding CVE-2023-38408, OpenSSH 9.3p2, PKCS#11 providers, ClamAV, Malwarebytes, Avast, Phoenix Security Vulnerability Management, Phoenix Security Asset Management, Mitigating OpenSSH Vulnerability, Securing OpenSSH, OpenSSH Upgrade, System Scans, Cybersecurity, Network Security
  • 25th July 2023

Understanding OpenSSH’s Agent Forwarding CVE-2023-38408: A Comprehensive Guide

Explore the critical OpenSSH vulnerability, CVE-2023-38408, and learn how to safeguard your systems effectively. This guide provides an in-depth look at the vulnerability, its potential impact, and detailed steps to mitigate its risks. Discover how tools like Phoenix Security’s Vulnerability and Asset Management can help prioritize and act on such vulnerabilities swiftly
Francesco Cipollone
View all blog posts

Talks

View more

Quick Start

6 Videos

Video resources

View more

Quick Start

6 Videos

Community Podcast on Application Security & Cloud Security

  • 1st October 2023

CSCP S4EP02 – Christophe Parisel – Vulnerabilities in the cloud Azure AWS and the road to prioritization

View all podcasts

Quick Start

Quick Start

Integration Guide

Integrations

Manage Application

Vulnerability page

Start doing what matters today

Listen to the latest Phoenix Security podcast

Read More

Get Started with Phoenix Security

Read More

Read the latest Phoenix Security news

Read More

Read the latest Blogs

Read More

Discover our events

Read More

Explore the talks

Read More

Discover Whitepapers

Read More

Read the latest News

Read More

Discover video resources

Learn More

Get in control

More than 1000 Users and 350 Organizations trust us

ACT Now
Request a demo

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

x Logo: ShieldPRO
This Site Is Protected By
ShieldPRO