Resources

Explore Resources on Application and Cloud Security

Discover the latest events, conferences, research from the Phoenix team on application and cloud security.
Download all the whitepaeprs data sheet and conference material.
Time to build better Application Security and Cloud Security programmes.

White Papers

SLA are dead long live SLA – Data driven approach on Vulnerabilities

Vulnerability Management at scale & the power of context based prioritiz…

Application & Cloud security program

Content Risk and prioritization.
Do’s and don’ts

Data Sheet and Reference materials

Tech-sheet

Datasheet

E-book

Getting started video tour

From our Blog

OWASP Top 10 across the years: what are the exploited vulnerabilities

Owasp top 10 has been a pillar over the years; sister to CWE – Common Weakness Enumeration we provide an overview of the top software vulnerabilities and web application security risks with a data-driven approach focused on helping identify what risk to fix first.

Francesco Cipollone

Phoenix Security Features – August/September 2023 – Risk-based formula, Magnitude, Application Security & Vulnerability Management Improvement

The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform. Asset and Vulnerability Management – Associate assets with multiple Applications and Environments – Mapping of vulnerabilities to Installed Software – Find Assets/Vulns by Scanner – Detailed findings Location information Risk-based Posture Management – Risk and Risk Magnitude for Assets – Filter assets and vulnerabilities by source scanner Integrations – BurpSuite XML Import – Assessment Import API Other Improvements – Improved multi-selection in filters – New CVSS Score column in Vulnerabilities

Alfonso Eusebio

Understanding the OWASP Top 10 across the Years: Common Weaknesses and Notorious Attacks

Francesco Cipollone

Understanding CISA Top Routinely Exploited Vulnerability 2022: Key Insights and Trends for Vulnerability Management

Dive into the world of vulnerability exploitability with insights from CISA KEV, enhanced by powerful data visualizations and a deep dive into dominant vendors.

Francesco Cipollone

Understanding Vulnerability Exploitability: Focusing on What Matters Most in Cybersecurity, CISA KEV Exploit DB, Zero Day and more

With cyber threats growing in sophistication, understanding exploitability has become crucial for security teams to prioritize vulnerabilities effectively. This article explores the key factors that influence the likelihood of exploits in the wild, including attack vectors, complexity levels, privileges required, and more. You’ll learn how predictive scoring systems like EPSS are bringing added dimensions to vulnerability analysis, going beyond static scores. We discuss the importance of monitoring verified threat feeds and exploiting trends from reliable sources, instead of getting distracted by unverified claims and noise. Adopting a risk-based approach to prioritization is emphasized, where critical vulnerabilities are addressed not just based on CVSS severity, but also their likelihood of being exploited and potential business impact. Recent major exploits like Log4Shell are highlighted to stress the need for proactive security. Equipped with the insights from this guide, you’ll be able to implement a strategic, data-backed approach to focusing on the most pertinent risks over the barrage of vulnerabilities.

Francesco Cipollone

Phoenix Security Features – July 2023 – Application Security & Vulnerability Management Improvement

The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform. Improved Management your Vulnerabilities and Assets Display “Closed” vulnerabilities list page Display vulnerability stats in Asset screens Override asset exposure for whole Apps/Envs Filter on-screen dynamic statistical and insights Risk-based Posture Management Update risk formula structure Update Vuln risk formula factors Integrations Configure “vulnerability types” fetched from SonarCloud/SonarQube Users can manually trigger a “scanner refresh” Update Jira tickets when the associated vulnerability is closed Other Improvements Handle large number of items in Treemap chart Improved scanner flow: don’t fetch targets until needed Improved performance of MTTR queries

Alfonso Eusebio

The Securities and Exchange Commission (SEC) proposed a report and consequences

The Securities and Exchange Commission (SEC) has proposed a change regarding cybersecurity disclosures and how they will impact public companies. The rules cover various topics, including cybersecurity, environmental, social, and governance issues. The proposed changes will reshape the cybersecurity function, with increased expectations around incident disclosure and response, board-level involvement, and supply chain scrutiny.

Francesco Cipollone

Understanding OpenSSH’s Agent Forwarding CVE-2023-38408: A Comprehensive Guide

Explore the critical OpenSSH vulnerability, CVE-2023-38408, and learn how to safeguard your systems effectively. This guide provides an in-depth look at the vulnerability, its potential impact, and detailed steps to mitigate its risks. Discover how tools like Phoenix Security’s Vulnerability and Asset Management can help prioritize and act on such vulnerabilities swiftly

Francesco Cipollone

CVE-2023-3519 Update on Critical RCE in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway)

CVE-2023-3519 Update on Critical RCE in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway) details on vulnerability timeline and compromise

Francesco Cipollone

CVE API is changing. What are the new feature for vulnerability management and application security?

CVE API is being used by vulnerability management programs and application security programs to prepare for CVSS v4/ CVSS4 and CISA KEV FIRST new API format CVE JSOn v5 is being published and deprecate the previous V4

Alfonso Eusebio

Phoenix Security Features – June 2023 – Application Security & Vulnerability Management Improvement

New Features release Manage your Vulnerabilities and AssetsVulnerability Filtering and SortingLocation column in Vulnerabilities list, Default Configuration for Context RulesCustomisation of the number of tickets per backlog Productivity and User ExperienceLoading indicators and other usability improvements, More efficient use of space in Vulns tables IntegrationsTenable.io VM integrationUnified scanner integrations pageOutbound Vulnerability API (preview)

Alfonso Eusebio