All Blogs

TOP BLOG

Exploitability Pipeline Application Security Exploitability: A Deep Dive with a risk-based approach

A ciso Perspective on application security how to action vulnerabilities. Jim Newman explores with francesco the meaning of a risk based driven approach on application security with context

Francesco Cipollone

Phoenix Security Welcomes Cybersecurity Veteran Lee Vorthman to Its Advisory Board

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, welcomes Lee Vorthman, Ciso of ORACLE advertising to the advisory board

Francesco Cipollone

Phoenix Security Phoenix Welcomes Jim Manico, Cybersecurity leader, OWASP Pillar creator of OWASP Top 10

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, has added Jim Manico, creator of OWASP top 10, to its board.

Francesco Cipollone

OWASP Top 10 across the years: what are the exploited vulnerabilities

Owasp top 10 has been a pillar over the years; sister to CWE – Common Weakness Enumeration we provide an overview of the top software vulnerabilities and web application security risks with a data-driven approach focused on helping identify what risk to fix first.

Francesco Cipollone

Phoenix Security Features – August/September 2023 – Risk-based formula, Magnitude, Application Security & Vulnerability Management Improvement

The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform. Asset and Vulnerability Management – Associate assets with multiple Applications and Environments – Mapping of vulnerabilities to Installed Software – Find Assets/Vulns by Scanner – Detailed findings Location information Risk-based Posture Management – Risk and Risk Magnitude for Assets – Filter assets and vulnerabilities by source scanner Integrations – BurpSuite XML Import – Assessment Import API Other Improvements – Improved multi-selection in filters – New CVSS Score column in Vulnerabilities

Alfonso Eusebio

Understanding the OWASP Top 10 across the Years: Common Weaknesses and Notorious Attacks

Francesco Cipollone

Understanding CISA Top Routinely Exploited Vulnerability 2022: Key Insights and Trends for Vulnerability Management

Dive into the world of vulnerability exploitability with insights from CISA KEV, enhanced by powerful data visualizations and a deep dive into dominant vendors.

Francesco Cipollone

Understanding Vulnerability Exploitability: Focusing on What Matters Most in Cybersecurity, CISA KEV Exploit DB, Zero Day and more

With cyber threats growing in sophistication, understanding exploitability has become crucial for security teams to prioritize vulnerabilities effectively. This article explores the key factors that influence the likelihood of exploits in the wild, including attack vectors, complexity levels, privileges required, and more. You’ll learn how predictive scoring systems like EPSS are bringing added dimensions to vulnerability analysis, going beyond static scores. We discuss the importance of monitoring verified threat feeds and exploiting trends from reliable sources, instead of getting distracted by unverified claims and noise. Adopting a risk-based approach to prioritization is emphasized, where critical vulnerabilities are addressed not just based on CVSS severity, but also their likelihood of being exploited and potential business impact. Recent major exploits like Log4Shell are highlighted to stress the need for proactive security. Equipped with the insights from this guide, you’ll be able to implement a strategic, data-backed approach to focusing on the most pertinent risks over the barrage of vulnerabilities.

Francesco Cipollone

Phoenix Security Features – July 2023 – Application Security & Vulnerability Management Improvement

The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform. Improved Management your Vulnerabilities and Assets Display “Closed” vulnerabilities list page Display vulnerability stats in Asset screens Override asset exposure for whole Apps/Envs Filter on-screen dynamic statistical and insights Risk-based Posture Management Update risk formula structure Update Vuln risk formula factors Integrations Configure “vulnerability types” fetched from SonarCloud/SonarQube Users can manually trigger a “scanner refresh” Update Jira tickets when the associated vulnerability is closed Other Improvements Handle large number of items in Treemap chart Improved scanner flow: don’t fetch targets until needed Improved performance of MTTR queries

Alfonso Eusebio

The Securities and Exchange Commission (SEC) proposed a report and consequences

The Securities and Exchange Commission (SEC) has proposed a change regarding cybersecurity disclosures and how they will impact public companies. The rules cover various topics, including cybersecurity, environmental, social, and governance issues. The proposed changes will reshape the cybersecurity function, with increased expectations around incident disclosure and response, board-level involvement, and supply chain scrutiny.

Francesco Cipollone

TOP BLOG

Phoenix Security Welcomes Cybersecurity Veteran Lee Vorthman to Its Advisory Board

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, welcomes Lee Vorthman, Ciso of ORACLE advertising to the advisory board

Francesco Cipollone

Phoenix Security Phoenix Welcomes Jim Manico, Cybersecurity leader, OWASP Pillar creator of OWASP Top 10

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, has added Jim Manico, creator of OWASP top 10, to its board.

Francesco Cipollone

Phoenix Security Features – August/September 2023 – Risk-based formula, Magnitude, Application Security & Vulnerability Management Improvement

Alfonso Eusebio

Phoenix Security Features – July 2023 – Application Security & Vulnerability Management Improvement

The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform. Improved Management your Vulnerabilities and Assets Display “Closed” vulnerabilities list page Display vulnerability stats in Asset screens Override asset exposure for whole Apps/Envs Filter on-screen dynamic statistical and insights Risk-based Posture Management Update risk formula structure Update Vuln risk formula factors Integrations Configure “vulnerability types” fetched from SonarCloud/SonarQube Users can manually trigger a “scanner refresh” Update Jira tickets when the associated vulnerability is closed Other Improvements Handle large number of items in Treemap chart Improved scanner flow: don’t fetch targets until needed Improved performance of MTTR queries

Alfonso Eusebio

CVE API is changing. What are the new feature for vulnerability management and application security?

CVE API is being used by vulnerability management programs and application security programs to prepare for CVSS v4/ CVSS4 and CISA KEV FIRST new API format CVE JSOn v5 is being published and deprecate the previous V4

Alfonso Eusebio

Phoenix Security Features – June 2023 – Application Security & Vulnerability Management Improvement

New Features release Manage your Vulnerabilities and AssetsVulnerability Filtering and SortingLocation column in Vulnerabilities list, Default Configuration for Context RulesCustomisation of the number of tickets per backlog Productivity and User ExperienceLoading indicators and other usability improvements, More efficient use of space in Vulns tables IntegrationsTenable.io VM integrationUnified scanner integrations pageOutbound Vulnerability API (preview)

Alfonso Eusebio

Phoenix Security Features – May/June 2023 – Application Security & Vulnerability Management Improvement

Alfonso Eusebio

Phoenix Security Features – March 2023 – Application Security & Vulnerability Management Improvement

New Details and metadata on assets and vulnerabilities, improved SLA, Updated risk formula, Added domain in the contextual rules, Outbound asset API (preview) Security update on libraries

Alfonso Eusebio

New USA National Cybersecurity Strategy – How does it apply to application security

The new USA cybersecurity strategy is out, in this article we break down the 5 pillars and the upcoming proposed regulations with impact on application security

Francesco Cipollone

New Features – February 2023 – Vulnerability Management Improvement

New Details and metadata on assets and vulnerabilities, improved SLA, Updated risk formula, Added domain in the contextual rules, Outbound asset API (preview) Security update on libraries

Alfonso Eusebio

Vulnerability Management: Strategies, Types and Tools

Vulnerability management is an important part of cybersecurity and is essential for organizations to protect their systems and data from malicious actors.In this article, we will discuss the various strategies that organizations can use to effectively manage their vulnerabilities.

Sally Turner

The Role of Security Risk Management in Protecting Organizational Assets

What is the role of risk management in an organization what role does it play? we explore risk assessment and management in an organization lifecycle

Sally Turner

The Process & Challenges of Implementing a Security Risk Management System

Security risk management is an essential part of any organization’s operations, as it helps to protect the organization’s assets and ensure the continuity of its operations.

Sally Turner

What is application security? top 10 popular terms

What is application security and what are the top searched terms?

Francesco Cipollone

Phoenix Security Launches V3 of the revolutionary vulnerability management platform leveraging now contextualization.

Phoenix Security is proud to announce the launch of the V3 Platform The smart software security platform launched V3 to help clients contextualize, prioritise cybersecurity threats and act on risk risks that matter most faster

Francesco Cipollone

Contextual Vulnerability Management: Protecting Software and Cloud Infrastructure

Contextual vulnerability management is a comprehensive approach to identifying, analyzing, and mitigating vulnerabilities in software and cloud infrastructure. It involves considering the specific context and environment in which vulnerabilities exist, including the software and hardware components, the network infrastructure, and the organizational policies and processes in place. By adopting this approach, organizations can more effectively assess and mitigate the risks posed by vulnerabilities, helping to protect their assets and maintain the security of their systems and networks.

Francesco Cipollone

Appsec Phoenix is now Phoenix Security a transformative Contextual Vulnerability management platform from code to cloud

Phoenix Security’s context-based vulnerability management platform helps clients focus on the 10% of vulnerabilities that matters from code to cloud

Francesco Cipollone

Appsec Phoenix is Now Phoenix security – contextual-based vulnerability prioritization from code to cloud.

Appsec phoenix has evolved into full security phoenix, contextual vulnerability prioritization from code to cloud

Francesco Cipollone

AppSec Phoenix now cloud security Phoenix Platform – V3 major release

AppSec Phoenix releases the new Phoenix Security Platform v3 to address vulnerabilities from code to cloud. ACT on Risk with one click

Alfonso Eusebio

AppSec Phoenix LIVE STREAM @ BLACK HAT Europe – Fireside Chat on Application & Cloud Security

Appsec Phoenix will be at black hat Europe with Application and cloud security unified into an actionable risk-based contextual view. We will host a raffle on the day and announce the winners on both days. Ask us about appsec phoenix, decipher the cypher and win a special prize. Decipher the code, come and win the special price

Francesco Cipollone

New Features – November 2022

November brings a new release of the platform; as most of the features will be released in v3 we are providing a preview of what’s to come

Alfonso Eusebio

Vulnerability Management Manifesto

What is the real cost of manual vulnerability management? in this snapshot we analyse the size of the problem and the requirement for a better and more automated approach

Francesco Cipollone

APPSEC PHOENIX CVE, CWE, CONTEXT IS QUEEN, VULNERABILITY PRIORITIZATION IS QUEEN talk at Open Security Summit London

Appsec Phoenix CEO Francesco Cipollone will be talking at the Open Security Summit in London. Vulnerability tooling is increasing, security advisories are faster, and teams are leaner. Have we lost the battle of vulnerabilities, is the shift left and the view that ‘security is everyone’s problem working?

Francesco Cipollone

APPSEC PHOENIX CVE, CWE, CONTEXT IS QUEEN, VULNERABILITY PRIORITIZATION IS QUEEN talk at London DevSecOps

Appsec Phoenix CEO Francesco Cipollone will be talking at the London DevSecOps meetup.Vulnerability tooling is increasing, security advisories are faster, and teams are leaner. Have we lost the battle of vulnerabilities, is the shift left and the view that ‘security is everyone’s problem working?

Francesco Cipollone

APPSEC PHOENIX WILL BE LIVESTREAMING AT BLACK HAT FIRESIDE CHAT ON APPLICATION AND CLOUD SECURITY

Francesco Cipollone

APPSEC PHOENIX FINALIST AT WCA 22 AWARDS FOR STARTUP OF THE YEAR

AppSec Phoenix, the leader in ASOC, pioneering the cloud security and application security relationship, was selected amongst thousands of startups and the only one in cybersecurity as a finalist for the prestigious world communication awards. AppSec Phoenix’s Francesco Cipollone, pioneering the cloud security and application security relationship, was selected as a finalist for the innovator of the year award.

Francesco Cipollone

APPSEC PHOENIX & FRANCESCO CIPOLLONE FINALIST FOR DIFFERENCE-MAKING SANS AWARD

Francesco Cipollone dreamed of creating an organizations that helps all security professionals love back the work on vulnerability management and application security. AppSec Phoenix’s Francesco Cipollone, pioneering the cloud security and application security relationship, was selected as a finalist for the innovator of the year award.

Francesco Cipollone

AppSec Phoenix finalist in two categories the Risk Management Solution of the year

AppSec Phoenix, the leader in ASOC, pioneering the cloud security and application security relationship, is being selected as a finalist for the product of the year and the security innovator of the year.

Francesco Cipollone

New Features – September 2022

Francesco Cipollone

AppSec Phoenix Welcomes Mike Takla, Cybersecurity leader in sales, to its business advisory board

AppSec Phoenix, the next-gen leader in Vulnerability and Posture Management for Cloud and Application security, has announced the addition of Mike Takla to its board. Mike joins the firm as an advisor adding to the board years of leadership and experience.

Francesco Cipollone

AppSec Phoenix Welcomes Jonathan Rau Cybersecurity leader cloud to its technology advisory board.

Jonathan Rau joins AppSec phoenix advisory board. Jonathan joins the firm as an advisor adding years of leadership and experience in cloud and appsec

Francesco Cipollone

AppSec Phoenix Welcomes Vandana Verma, Cybersecurity leader in application and cloud security, to its technical advisory board

AppSec Phoenix, the next-gen leader in Vulnerability and Posture Management for Cloud and Application security, has announced the addition of Vandana Verma to its board. Vandana joins the firm as an advisor adding to the board years of leadership and experience.

Francesco Cipollone

AppSec Phoenix Welcomes Kevin Isaac, Cybersecurity Leader, to Its Board

Kevin Isac Joins Appsec Phoenix advisory board. Kevin is action-oriented and focused on bringing sales leadership to the advisory board. Appsec phoenix is honoured to have a veteran and experienced leader such as Kevin on the advisory board

Francesco Cipollone

AppSec Phoenix Welcomes John Kinsella, Cybersecurity Leader and Podcast Star to Its Advisory Board

John’s leadership and experience in the cybersecurity field strengthen the leadership, vision, and validation of the AppSec Phoenix Platform.

Francesco Cipollone

AppSec Phoenix Welcomes Christopher Hodson, Cybersecurity Leader and Investor, to the Advisory Board

Christopher Hodson Joins Appsec Phoenix Technical and Business advisory board. Christopher’s leadership and generous investment bring leadership vision and validation to the existing product and technical advisory board made of cyber stars

Francesco Cipollone

AppSec Phoenix Welcomes Chris Romeo, Cybersecurity Leader and Investor, to Its Board

Chris Romeo Appsec leader joins Appsec Phoenix advisory board. Chris’s leadership and generous investment bring leadership vision and validation to the exceptional board of advisors.

Francesco Cipollone

Application security and Vulnerability management leveraging open source and open source intelligence

Every week we will explore open source security (OSS Security) tools and technique to improve Application Security, Cloud Security and Vulnerability Managment This week we start with a 4 step framework tool

Francesco Cipollone

Appsec Phoenix Reaches a new milestone reaching above 1000 users on the community edition managing vulnerability at scale

Appsec Phoenix Reaches a new milestone reaching above 1000 users on the community edition. “We had a dream one year ago to help security professionals around the globe reach more developers and scale their application and cloud security programme better. “

Francesco Cipollone

AppSec Phoenix integrate with the vulnerability detection leaders Qualys, Rapid7, Crowdstrike Falcon, Tenable, ServiceNow

AppSec Phoenix Offers Seamless Integration with CrowdStrike, Rapid7, Nessus, Service Now, Slack, and Jira, taking Vulnerability Management to the next level.

Francesco Cipollone

New Features Released – August 2022

New August Features, Asset Screens, Posture management, Integration with Service now CMDB, Service Now Incident, Crowd Strike Falcon

Francesco Cipollone

Product Security the pillars of the programme – Vulnerability Management and Measurements

First of two part article covering Security Vulnerabilities SLA, SLO, OKr and useful tips to set objectives between development and security teams that result in reduction of risk and vulnerabilities across application security, cloud and infrastructure

Francesco Cipollone

AppSec Phoenix got nominated as a leader in the ASOC category for the Application Security Hype cycle.

We are pleased to announce that AppSec Phoenix has been named a Leader in the 2022 Hype Cycle for Application Security Orchestration and Correlation.

Francesco Cipollone

New Features Released – June/July 2022

Francesco Cipollone

Vulnerability, Infrastructure and Application Security SLA, SLO, OKr – Do they matter??

Francesco Cipollone

Security SLA, SLO, SLI – What they are and do they matter?

SLA,SLI,SLO we analyse the various timers and the Mean Time to used in measuring performance and speed of resolution of vulnerabilities

Francesco Cipollone

SLA SLO OKR and SLI for vulnerability management are still effective?

In this article we are covering Security Vulnerabilities SLA, SLO, OKr and useful tips to set objectives between development and security teams that result in reduction of risk and vulnerabilities across application security, cloud and infrastructure

Francesco Cipollone

AppSec Phoenix Release – MAY-JUNE

Auto Creation of Application Components, Application creation & Tag association, MFA with Authenticator app for MFA Infra Asset screens, Community Licence

Alfonso Eusebio

AppSec Phoenix integrate with the external attack surface Detectify for Web Vulnerabilities early detection

AppSec phoenix is happy to announce the full support of Detectify for external attack surface and web vulnerability monitoring

Francesco Cipollone

AppSec Phoenix Release – May 22 – 3-5-2022 – What’s New

New Licences & Freemium Auto Creation of assets Time Frames for Charts Policy Engine (early release) Scanner Integrations – Laceworks – Detectify

Francesco Cipollone

New Features Released – Jan-Feb 22

New Feature Release Q1 22 Zero Day New integration New login screens with Google sign in and SSO MTTR/ MTTO

Francesco Cipollone

New Features Released – March-April 22

New Feature Release Q2

Francesco Cipollone

AppSec Phoenix now offers container and cloud security integration with Lacework

AppSec phoenix is happy to announce the full support of lacework Security Scanning capability for containers and cloud security

Francesco Cipollone

The Spring4Shell confusion

two RCE vulnerabilities were being discussed on the internet. Most of the people talking about them believe they’re talking about “Spring4Shell” (CVE Added: CVE-2022-22965), but in reality they’re swapping notes about CVE-2022-22963.

Francesco Cipollone

AppSec Phoenix now offers Github Issue support

AppSec phoenix is happy to announce the full support of Github Issues

Francesco Cipollone

AppSec Phoenix now offers integration with Azure DevOps

AppSec phoenix is happy to announce the full support of Burpsuite Professional enabling red teams and pentesting teams to import XML Scans

Francesco Cipollone

AppSec Phoenix now offers BurpSuite Professional Integration

AppSec phoenix is happy to announce the full support of Burpsuite Professional enabling red teams and pentesting teams to import XML Scans

Francesco Cipollone

AppSec Phoenix now offers SAST Code Security integration with Github Code QL

AppSec phoenix is happy to announce the full support of Github CodeQL Security Scanning capability for code directly in gihub

Francesco Cipollone

AppSec Phoenix now offers container and cloud security integration with SNYK

AppSec phoenix is happy to announce the full support of SNYK container and cloud Security Scanning capability

Francesco Cipollone

Cyber Security Expo – First conference back

we are back to face to face conference. we have swag to make the adventure a bit more challenging we will be moving around conference tables and post-conference pubs

Francesco Cipollone

Compliance and Vulnerabilities two different animals

First article focusing on vulnerability management, posture management and mapping to compliance frameworks like CISA, NIST Cybersecurity Framework and ISO27001:2017

Francesco Cipollone

AppSec Phoenix Welcomes Cybersecurity Executive Bryan Littlefair to Its Board

Bryan Littlefair joins AppSec Phoenix Board his leadership that will help the XSPM Next-Generation Security Posture Management Platform to scale

Francesco Cipollone

AppSec Phoenix + OWASP

AppSec Phoenix Partnered With OWASP to provide all OWASP member a FOREVER FREE community licence to kick start their journey on appsec & Cloudsec

Francesco Cipollone

Log4J / Log4Shell (Part 2): Why so easy to exploit

We analyse the high effectiveness of log4j and the multiple exploitation paths that show why log4j has such a devastating effect on a lot of systems

Francesco Cipollone

The Ultimate Guide to Log4Shell: Where Did It Come From and How Do I Stop It?

In this retrospective article we go trough the common workaround and how to fix log4j with the resource available

Francesco Cipollone

AppSec Phoenix Welcomes Cybersecurity Leader and Investor Andrew Peterson to the Board of Advisors

Andrew Peterson joins AppSec Phoenix Board his leadership and generous investment will help the risk vulnerability management platform scale

Francesco Cipollone

An award with weight AppSec Phoenix Wins the Security Excellence award for the best Risk management solution in DevSecOps

Francesco Cipollone

Log4Shell – 2.17.x Vulnerable Again? Demystifying CVE-2021-44228

In the last few weeks, information security professionals have been fighting and updating systems like crazy. We have summarized an update on where we are right now and what you can do about resolution

Francesco Cipollone

AppSec Phoenix offers native WordPress Security Assessment with the integration of WP-Scan

AppSec phoenix is happy to announce the full native integration with one of the leaders in application security scanning for SME and measurement of code SonarCloud. Appsec Phoenix will be able to retrieve and organize as well as track the application security vulnerabilities for code and code quality.

Francesco Cipollone

AppSec Phoenix integrates natively with SonarCloud a comprehensive overview of Code

Francesco Cipollone

Log4J / Log4Shell (Part 1): Misconceptions

Demystifying the myth around log4j / Log4Shell.we give an overview on Log4J what has caused it and some demystification

Francesco Cipollone

Log4Shell – Updates and latest remediation/workflows

Francesco Cipollone

New 0 Day – RCE in Java Log4Shell package

A new Remote Code Execution (RCE) has been disclosed in the wild affecting the log4j library for java. Affected Version 2.0 <= Apache log4j <= 2.14.1. Services in cloud-like: Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable.

Francesco Cipollone

AppSec Phoenix wins the Risk Management Solution of the year

Francesco Cipollone

AppSec Phoenix integrates natively with GitHub Dependabot for a comprehensive overview over Software Composition Analysis

AppSec phoenix is happy to announce the full integration with Github Dependabot the free and open-source integrated tool to identify dependency issues with open source libraries

Francesco Cipollone

AppSec Phoenix Offers Seamless Integration with Web Scanning Leader Netsparker, and Acunetix Delivering a Powerful Blow to Would-Be Cybercriminals

Francesco Cipollone

Resources

Phoenix Security Blog - AppSec & Cloudsec

TOP BLOG

A ciso Perspective on application security how to action vulnerabilities. Jim Newman explores with francesco the meaning of a risk based driven approach on application security with context

A ciso Perspective on application security how to action vulnerabilities. Jim Newman explores with francesco the meaning of a risk based driven approach on application security with context

TOP BLOG

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, welcomes Lee Vorthman, Ciso of ORACLE advertising to the advisory board

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, welcomes Lee Vorthman, Ciso of ORACLE advertising to the advisory board

Phoenix Security
Blog - AppSec & Cloudsec