Oxeye CNAST Platform Provides Contextualized Risk Assessment for Cloud Native Applications
Oxeye announced the company’s Cloud Native Application Security Testing (CNAST) platform. The new platform identifies code vulnerabilities, open source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, providing clear guidance for precise remediation.
According to Gartner’s 2021 Magic Quadrant for Application Security Testing, “Modern application design and continued adoption of DevSecOps broadens the reach of the AST market. Security and risk managers can meet tighter deadlines and test more complex applications by seamlessly integrating and automating AST into the software delivery lifecycle.”
However, security testing of cloud native applications requires a different approach from traditional AST: one that provides context through enrichment from the surrounding application components. Unlike SAST, DAST, IAST and SCA, the Oxeye CNAST approach focuses on contextual analysis to pinpoint vulnerabilities and exploitable secrets.
This includes analysis of all potential risks, an in-depth mapping of all the components of the application and how they communicate with each other, light fuzzing for active validation, and enrichment with the underlying configurations of the container, cluster and cloud.
Oxeye CNAST is focused on the cloud native segment of the AST market, which is rapidly accelerating as AppSec and DevSecOps professionals scramble to protect more than 500 million cloud native applications expected to be deployed by 2023. To secure these applications, developers will need to test them and be absolutely sure that they remain secure throughout the deployment. Oxeye supports scalable and ever-changing environments and automatically adapts its testing scope to changes, without modifying the code or requiring manual intervention.
Oxeye’s vulnerability profiling helps prioritize the most urgent areas to focus on, leveraging powerful capabilities that include:
- Complete security testing of cloud native applications for modern architectures – Oxeye analyzes code across microservices to identify code vulnerabilities and other critical issues as part of the software development lifecycle for clear guidance that enables precise remediation.
- Multilayer / multiservice identification of exploitable vulnerabilities – Provides runtime code analysis without the need to modify application code, vulnerability flow analysis to detect vulnerabilities in application microservices, and active validation with automatic creation and execution of security tests to validate vulnerabilities before reporting.
- Contextual risk assessment – Enriches data with configuration information from container infrastructure, cluster and cloud layers to calculate risk based on internet accessibility, handling of sensitive data, defective configuration, etc.
- Clear remediation tips for developers – Provides developers with run-time application analysis to replicate every step of vulnerability exploitation, delivery of the exact line of code where the vulnerability was executed, and visibility of the vulnerability flow for accurate execution flow tracing that enables rapid identification and resolution of real problems.
“Pieces of code can be found literally everywhere in cloud native applications,” said Dean Agron, co-founder and CEO of Oxeye. “The Oxeye platform provides a single unified platform for modern application security testing, providing highly accurate vulnerability testing before production. With it, users have access to the most important automated security risk testing solution for all important stages of software development.”
Pricing and availability
Oxeye Cloud Native AST will be generally available in Q1 2022.