All Blogs

TOP BLOG

Webinar Running application security at scale, Vulnerability Management with Tanya Janca.

Fixing Application security at scale can be challenging, but keeping them safe can be even trickier; in this webinar, we explore with Tanya Janca how to shift left and keep operation (right) safe, the benefit of vulnerability management and how to optimize your tooling.

Francesco Cipollone

What is risk-based vulnerability management, and why is it essential to prioritize vulnerabilities

risk based vulnerability management how to leverage Cyber threat intelligence, contextual based information to prioritize vulnerabilities across application security and cloud security

Francesco Cipollone

What is CISA KEV Known Exploited Vulnerability, and how to use it in prioritization?

Application security programs are vast and complicated; there are many methods to attack the problem, and Chris Romeo is an expert on the topic. Chris Romeo is a leading voice and thinker in application security, threat modelling, security champions, and the CEO of Kerr Ventures

Francesco Cipollone

How to build a resilient Vulnerability Management program for application and cloud security

Francesco Cipollone

Application Security at Scale with Chris Romeo with a focus on the Vulnerability management program

Francesco Cipollone

New USA National Cybersecurity Strategy – How does it apply to application security

The new USA cybersecurity strategy is out, in this article we break down the 5 pillars and the upcoming proposed regulations with impact on application security

Francesco Cipollone

New Features – February 2023 – Vulnerability Management Improvement

New Details and metadata on assets and vulnerabilities, improved SLA, Updated risk formula, Added domain in the contextual rules, Outbound asset API (preview) Security update on libraries

Alfonso Eusebio

What are the stages of vulnerability management maturity in application security?

What is the real cost of manual vulnerability management? in this snapshot we analyse the size of the problem and the requirement for a better and more automated approach

Francesco Cipollone

Vulnerability maturity model, application security and cloud security

Presenting the first version of the Vulnerability Management Framework to assess your Organization from the discovery of vulnerabilities to resolutions triaging application and cloud security

Francesco Cipollone

TOP BLOG

New USA National Cybersecurity Strategy – How does it apply to application security

The new USA cybersecurity strategy is out, in this article we break down the 5 pillars and the upcoming proposed regulations with impact on application security

Francesco Cipollone

New Features – February 2023 – Vulnerability Management Improvement

New Details and metadata on assets and vulnerabilities, improved SLA, Updated risk formula, Added domain in the contextual rules, Outbound asset API (preview) Security update on libraries

Alfonso Eusebio

Vulnerability Management: Strategies, Types and Tools

Vulnerability management is an important part of cybersecurity and is essential for organizations to protect their systems and data from malicious actors.In this article, we will discuss the various strategies that organizations can use to effectively manage their vulnerabilities.

Sally Turner

The Role of Security Risk Management in Protecting Organizational Assets

What is the role of risk management in an organization what role does it play? we explore risk assessment and management in an organization lifecycle

Sally Turner

The Process & Challenges of Implementing a Security Risk Management System

Security risk management is an essential part of any organization’s operations, as it helps to protect the organization’s assets and ensure the continuity of its operations.

Sally Turner

What is application security? top 10 popular terms

What is application security and what are the top searched terms?

Francesco Cipollone

Phoenix Security Launches V3 of the revolutionary vulnerability management platform leveraging now contextualization.

Phoenix Security is proud to announce the launch of the V3 Platform The smart software security platform launched V3 to help clients contextualize, prioritise cybersecurity threats and act on risk risks that matter most faster

Francesco Cipollone

Contextual Vulnerability Management: Protecting Software and Cloud Infrastructure

Contextual vulnerability management is a comprehensive approach to identifying, analyzing, and mitigating vulnerabilities in software and cloud infrastructure. It involves considering the specific context and environment in which vulnerabilities exist, including the software and hardware components, the network infrastructure, and the organizational policies and processes in place. By adopting this approach, organizations can more effectively assess and mitigate the risks posed by vulnerabilities, helping to protect their assets and maintain the security of their systems and networks.

Francesco Cipollone

Appsec Phoenix is now Phoenix Security a transformative Contextual Vulnerability management platform from code to cloud

Phoenix Security’s context-based vulnerability management platform helps clients focus on the 10% of vulnerabilities that matters from code to cloud

Francesco Cipollone

Appsec Phoenix is Now Phoenix security – contextual-based vulnerability prioritization from code to cloud.

Appsec phoenix has evolved into full security phoenix, contextual vulnerability prioritization from code to cloud

Francesco Cipollone

AppSec Phoenix now cloud security Phoenix Platform – V3 major release

AppSec Phoenix releases the new Phoenix Security Platform v3 to address vulnerabilities from code to cloud. ACT on Risk with one click

Alfonso Eusebio

AppSec Phoenix LIVE STREAM @ BLACK HAT Europe – Fireside Chat on Application & Cloud Security

Appsec Phoenix will be at black hat Europe with Application and cloud security unified into an actionable risk-based contextual view. We will host a raffle on the day and announce the winners on both days. Ask us about appsec phoenix, decipher the cypher and win a special prize. Decipher the code, come and win the special price

Francesco Cipollone

New Features – November 2022

November brings a new release of the platform; as most of the features will be released in v3 we are providing a preview of what’s to come

Alfonso Eusebio

Vulnerability Management Manifesto

What is the real cost of manual vulnerability management? in this snapshot we analyse the size of the problem and the requirement for a better and more automated approach

Francesco Cipollone

APPSEC PHOENIX CVE, CWE, CONTEXT IS QUEEN, VULNERABILITY PRIORITIZATION IS QUEEN talk at Open Security Summit London

Appsec Phoenix CEO Francesco Cipollone will be talking at the Open Security Summit in London. Vulnerability tooling is increasing, security advisories are faster, and teams are leaner. Have we lost the battle of vulnerabilities, is the shift left and the view that ‘security is everyone’s problem working?

Francesco Cipollone

APPSEC PHOENIX CVE, CWE, CONTEXT IS QUEEN, VULNERABILITY PRIORITIZATION IS QUEEN talk at London DevSecOps

Appsec Phoenix CEO Francesco Cipollone will be talking at the London DevSecOps meetup.Vulnerability tooling is increasing, security advisories are faster, and teams are leaner. Have we lost the battle of vulnerabilities, is the shift left and the view that ‘security is everyone’s problem working?

Francesco Cipollone

APPSEC PHOENIX WILL BE LIVESTREAMING AT BLACK HAT FIRESIDE CHAT ON APPLICATION AND CLOUD SECURITY

Francesco Cipollone

APPSEC PHOENIX FINALIST AT WCA 22 AWARDS FOR STARTUP OF THE YEAR

AppSec Phoenix, the leader in ASOC, pioneering the cloud security and application security relationship, was selected amongst thousands of startups and the only one in cybersecurity as a finalist for the prestigious world communication awards. AppSec Phoenix’s Francesco Cipollone, pioneering the cloud security and application security relationship, was selected as a finalist for the innovator of the year award.

Francesco Cipollone

APPSEC PHOENIX & FRANCESCO CIPOLLONE FINALIST FOR DIFFERENCE-MAKING SANS AWARD

Francesco Cipollone dreamed of creating an organizations that helps all security professionals love back the work on vulnerability management and application security. AppSec Phoenix’s Francesco Cipollone, pioneering the cloud security and application security relationship, was selected as a finalist for the innovator of the year award.

Francesco Cipollone

AppSec Phoenix finalist in two categories the Risk Management Solution of the year

AppSec Phoenix, the leader in ASOC, pioneering the cloud security and application security relationship, is being selected as a finalist for the product of the year and the security innovator of the year.

Francesco Cipollone

New Features – September 2022

Francesco Cipollone

AppSec Phoenix Welcomes Mike Takla, Cybersecurity leader in sales, to its business advisory board

AppSec Phoenix, the next-gen leader in Vulnerability and Posture Management for Cloud and Application security, has announced the addition of Mike Takla to its board. Mike joins the firm as an advisor adding to the board years of leadership and experience.

Francesco Cipollone

AppSec Phoenix Welcomes Jonathan Rau Cybersecurity leader cloud to its technology advisory board.

Jonathan Rau joins AppSec phoenix advisory board. Jonathan joins the firm as an advisor adding years of leadership and experience in cloud and appsec

Francesco Cipollone

AppSec Phoenix Welcomes Vandana Verma, Cybersecurity leader in application and cloud security, to its technical advisory board

AppSec Phoenix, the next-gen leader in Vulnerability and Posture Management for Cloud and Application security, has announced the addition of Vandana Verma to its board. Vandana joins the firm as an advisor adding to the board years of leadership and experience.

Francesco Cipollone

AppSec Phoenix Welcomes Kevin Isaac, Cybersecurity Leader, to Its Board

Kevin Isac Joins Appsec Phoenix advisory board. Kevin is action-oriented and focused on bringing sales leadership to the advisory board. Appsec phoenix is honoured to have a veteran and experienced leader such as Kevin on the advisory board

Francesco Cipollone

AppSec Phoenix Welcomes John Kinsella, Cybersecurity Leader and Podcast Star to Its Advisory Board

John’s leadership and experience in the cybersecurity field strengthen the leadership, vision, and validation of the AppSec Phoenix Platform.

Francesco Cipollone

AppSec Phoenix Welcomes Christopher Hodson, Cybersecurity Leader and Investor, to the Advisory Board

Christopher Hodson Joins Appsec Phoenix Technical and Business advisory board. Christopher’s leadership and generous investment bring leadership vision and validation to the existing product and technical advisory board made of cyber stars

Francesco Cipollone

AppSec Phoenix Welcomes Chris Romeo, Cybersecurity Leader and Investor, to Its Board

Chris Romeo Appsec leader joins Appsec Phoenix advisory board. Chris’s leadership and generous investment bring leadership vision and validation to the exceptional board of advisors.

Francesco Cipollone

Application security and Vulnerability management leveraging open source and open source intelligence

Every week we will explore open source security (OSS Security) tools and technique to improve Application Security, Cloud Security and Vulnerability Managment This week we start with a 4 step framework tool

Francesco Cipollone

Appsec Phoenix Reaches a new milestone reaching above 1000 users on the community edition managing vulnerability at scale

Appsec Phoenix Reaches a new milestone reaching above 1000 users on the community edition. “We had a dream one year ago to help security professionals around the globe reach more developers and scale their application and cloud security programme better. “

Francesco Cipollone

AppSec Phoenix integrate with the vulnerability detection leaders Qualys, Rapid7, Crowdstrike Falcon, Tenable, ServiceNow

AppSec Phoenix Offers Seamless Integration with CrowdStrike, Rapid7, Nessus, Service Now, Slack, and Jira, taking Vulnerability Management to the next level.

Francesco Cipollone

New Features Released – August 2022

New August Features, Asset Screens, Posture management, Integration with Service now CMDB, Service Now Incident, Crowd Strike Falcon

Francesco Cipollone

Product Security the pillars of the programme – Vulnerability Management and Measurements

First of two part article covering Security Vulnerabilities SLA, SLO, OKr and useful tips to set objectives between development and security teams that result in reduction of risk and vulnerabilities across application security, cloud and infrastructure

Francesco Cipollone

AppSec Phoenix got nominated as a leader in the ASOC category for the Application Security Hype cycle.

We are pleased to announce that AppSec Phoenix has been named a Leader in the 2022 Hype Cycle for Application Security Orchestration and Correlation.

Francesco Cipollone

New Features Released – June/July 2022

Francesco Cipollone

Vulnerability, Infrastructure and Application Security SLA, SLO, OKr – Do they matter??

Francesco Cipollone

Security SLA, SLO, SLI – What they are and do they matter?

SLA,SLI,SLO we analyse the various timers and the Mean Time to used in measuring performance and speed of resolution of vulnerabilities

Francesco Cipollone

SLA SLO OKR and SLI for vulnerability management are still effective?

In this article we are covering Security Vulnerabilities SLA, SLO, OKr and useful tips to set objectives between development and security teams that result in reduction of risk and vulnerabilities across application security, cloud and infrastructure

Francesco Cipollone

AppSec Phoenix Release – MAY-JUNE

Auto Creation of Application Components, Application creation & Tag association, MFA with Authenticator app for MFA Infra Asset screens, Community Licence

Alfonso Eusebio

AppSec Phoenix integrate with the external attack surface Detectify for Web Vulnerabilities early detection

AppSec phoenix is happy to announce the full support of Detectify for external attack surface and web vulnerability monitoring

Francesco Cipollone

AppSec Phoenix Release – May 22 – 3-5-2022 – What’s New

New Licences & Freemium Auto Creation of assets Time Frames for Charts Policy Engine (early release) Scanner Integrations – Laceworks – Detectify

Francesco Cipollone

New Features Released – Jan-Feb 22

New Feature Release Q1 22 Zero Day New integration New login screens with Google sign in and SSO MTTR/ MTTO

Francesco Cipollone

New Features Released – March-April 22

New Feature Release Q2

Francesco Cipollone

AppSec Phoenix now offers container and cloud security integration with Lacework

AppSec phoenix is happy to announce the full support of lacework Security Scanning capability for containers and cloud security

Francesco Cipollone

The Spring4Shell confusion

two RCE vulnerabilities were being discussed on the internet. Most of the people talking about them believe they’re talking about “Spring4Shell” (CVE Added: CVE-2022-22965), but in reality they’re swapping notes about CVE-2022-22963.

Francesco Cipollone

AppSec Phoenix now offers Github Issue support

AppSec phoenix is happy to announce the full support of Github Issues

Francesco Cipollone

AppSec Phoenix now offers integration with Azure DevOps

AppSec phoenix is happy to announce the full support of Burpsuite Professional enabling red teams and pentesting teams to import XML Scans

Francesco Cipollone

AppSec Phoenix now offers BurpSuite Professional Integration

AppSec phoenix is happy to announce the full support of Burpsuite Professional enabling red teams and pentesting teams to import XML Scans

Francesco Cipollone

AppSec Phoenix now offers SAST Code Security integration with Github Code QL

AppSec phoenix is happy to announce the full support of Github CodeQL Security Scanning capability for code directly in gihub

Francesco Cipollone

AppSec Phoenix now offers container and cloud security integration with SNYK

AppSec phoenix is happy to announce the full support of SNYK container and cloud Security Scanning capability

Francesco Cipollone

Cyber Security Expo – First conference back

we are back to face to face conference. we have swag to make the adventure a bit more challenging we will be moving around conference tables and post-conference pubs

Francesco Cipollone

Compliance and Vulnerabilities two different animals

First article focusing on vulnerability management, posture management and mapping to compliance frameworks like CISA, NIST Cybersecurity Framework and ISO27001:2017

Francesco Cipollone

AppSec Phoenix Welcomes Cybersecurity Executive Bryan Littlefair to Its Board

Bryan Littlefair joins AppSec Phoenix Board his leadership that will help the XSPM Next-Generation Security Posture Management Platform to scale

Francesco Cipollone

AppSec Phoenix + OWASP

AppSec Phoenix Partnered With OWASP to provide all OWASP member a FOREVER FREE community licence to kick start their journey on appsec & Cloudsec

Francesco Cipollone

Log4J / Log4Shell (Part 2): Why so easy to exploit

We analyse the high effectiveness of log4j and the multiple exploitation paths that show why log4j has such a devastating effect on a lot of systems

Francesco Cipollone

The Ultimate Guide to Log4Shell: Where Did It Come From and How Do I Stop It?

In this retrospective article we go trough the common workaround and how to fix log4j with the resource available

Francesco Cipollone

AppSec Phoenix Welcomes Cybersecurity Leader and Investor Andrew Peterson to the Board of Advisors

Andrew Peterson joins AppSec Phoenix Board his leadership and generous investment will help the risk vulnerability management platform scale

Francesco Cipollone

An award with weight AppSec Phoenix Wins the Security Excellence award for the best Risk management solution in DevSecOps

Francesco Cipollone

Log4Shell – 2.17.x Vulnerable Again? Demystifying CVE-2021-44228

In the last few weeks, information security professionals have been fighting and updating systems like crazy. We have summarized an update on where we are right now and what you can do about resolution

Francesco Cipollone

AppSec Phoenix offers native WordPress Security Assessment with the integration of WP-Scan

AppSec phoenix is happy to announce the full native integration with one of the leaders in application security scanning for SME and measurement of code SonarCloud. Appsec Phoenix will be able to retrieve and organize as well as track the application security vulnerabilities for code and code quality.

Francesco Cipollone

AppSec Phoenix integrates natively with SonarCloud a comprehensive overview of Code

Francesco Cipollone

Log4J / Log4Shell (Part 1): Misconceptions

Demystifying the myth around log4j / Log4Shell.we give an overview on Log4J what has caused it and some demystification

Francesco Cipollone

Log4Shell – Updates and latest remediation/workflows

Francesco Cipollone

New 0 Day – RCE in Java Log4Shell package

A new Remote Code Execution (RCE) has been disclosed in the wild affecting the log4j library for java. Affected Version 2.0 <= Apache log4j <= 2.14.1. Services in cloud-like: Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable.

Francesco Cipollone

AppSec Phoenix wins the Risk Management Solution of the year

Francesco Cipollone

AppSec Phoenix integrates natively with GitHub Dependabot for a comprehensive overview over Software Composition Analysis

AppSec phoenix is happy to announce the full integration with Github Dependabot the free and open-source integrated tool to identify dependency issues with open source libraries

Francesco Cipollone

AppSec Phoenix integrates with White Source for an integrated overview over Software Composition Analysis

AppSec Phoenix is happy to announce the integration with whitesource for automated scanning of your SCA vulnerabilities and aggregation in one place

Francesco Cipollone

AppSec Phoenix Welcomes Cybersecurity Nicole Becher

AppSec Phoenix is honoured to welcome Nicole to its advisory board. Nicole brings the industry knowledge from S&P and technology from Google

Francesco Cipollone

AppSec Phoenix Selected for Prestigious Cyber Runway Grow Programme

AppSec Phoenix is now part of Cyber Runway Grow the largest accelerator programme for cybersecurity start-ups in the UK

Francesco Cipollone

AppSec Phoenix Welcomes Cybersecurity Expert Vandana Verma

Vandana’s expertise in cybersecurity community involvement and unique perspective will help the risk vulnerability management platform bolster its security capabilities and knowledge as it looks toward a seed funding campaign

Francesco Cipollone

AppSec Phoenix Announces Partnership with OWASP

AppSec Phoenix the vulnerability management application will offer OWASP members access to its open-source security tools and access to the community edition

Francesco Cipollone