Oxeye Introduces CNAST
December 13, 2021

Oxeye announced the company’s Cloud Native Application Security Testing Platform (CNAST).

The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.

The Oxeye CNAST approach is focused on contextual analysis to point out the exploitable vulnerabilities and secrets. This includes analyzing all potential risks, deep mapping of all app components and how they communicate with each other, lightweight fuzzing for active validation and enrichment of the underlying container, cluster and cloud configurations.

Oxeye CNAST is centered on the cloud native segment of the AST market, which is rapidly accelerating as AppSec and DevSecOps professionals scramble to protect more than 500 million cloud-native apps expected to be deployed by 2023. To secure these applications, developers will need to conduct testing and be absolutely sure they remain safe throughout deployment. Oxeye supports scalable, ever-changing environments and automatically adapts to changes for an agile testing scope without changes to code or the need to manually intervene.

Oxeye’s vulnerability profiling helps prioritize the most urgent areas to focus on, leveraging powerful capabilities that include:

- Complete Cloud Native Application Security Testing for Modern Architectures – Oxeye analyzes code across microservices to identify code vulnerabilities and other critical issues as part of the software development lifecycle for clear guidance that enables accurate remediation.

- Multi-Layer/Multi-Service Identification of Exploitable Vulnerabilities

- Provides Runtime Code Analysis without the need for changes to application code, Vulnerable Flow Analysis to detect vulnerabilities across application microservices, and Active Validation with automatic creation and execution of security tests to validate vulnerabilities prior to reporting.

- Contextual Risk Assessment - Enriches data with infrastructure configuration information from the container, cluster, and cloud layers to calculate risks based on Internet accessibility, sensitive data processing, flawed configuration, etc.

- Clear Remediation Guidance for Developers – Provides developers with application analysis in runtime to reproduce each step of vulnerability exploitation, delivery of the exact line of code where the vulnerability has been executed, and vulnerability flow visibility for accurate execution flow tracing that allows for fast identification and remediation of actual issues.

“Pieces of code are located literally everywhere throughout cloud native applications,” said Dean Agron, Co-Founder and CEO of Oxeye. “The Oxeye platform provides a single unified platform for modern application security testing, providing highly accurate vulnerability testing prior to production. With it, users gain access to the most prominent, automated security risk testing solution for all important stages of software development.”

Oxeye Cloud Native AST will be generally available in Q1, 2022.

Share this

Industry News

January 26, 2022

Puppet announced a new competency-based global channel partner program for the company’s almost-200 worldwide channel partners that operate across 35 countries.

January 26, 2022

Weaveworks announced the acquisition of Magalix.

January 26, 2022

WhiteSource released an Azure DevOps repository integration, allowing Azure DevOps users to detect all open source components and automatically enforce security policies directly from their repository.

January 25, 2022

DataOps.live and Okera, the Universal Data Authorization company, announced a strategic partnership to increase the speed and security of sensitive data workloads running on the Snowflake Data Cloud Platform.

January 25, 2022

ConvergeOne released a Cyber Recovery as a Service (CRaaS) solution that utilizes innovative technologies from Dell Technologies and Amazon Web Services (AWS).

January 25, 2022

ArmorCode secured an additional $8 million in seed financing.

January 24, 2022

Oracle achieved FedRAMP High Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) for an expanded set of Oracle Cloud Infrastructure (OCI) services.

January 24, 2022

Prophecy, the enterprise low-code data engineering platform that brings the speed of DevOps to data engineering, raised a $25 million Series A round.

January 20, 2022

Progress announced the R1 2022 release of Progress Telerik and Progress Kendo UI, powerful .NET and JavaScript UI libraries for app development.

January 20, 2022

CodeSee raised $7 million in additional funding, bringing the company’s raised total to $10 million.

January 20, 2022

Bugsnag now supports Unreal Engine by Epic Games used to develop 3D games, and Electron, a framework to build cross-platform desktop apps in JavaScript running on Windows, macOS, and Linux.

January 19, 2022

Dell Technologies introduced multi-cloud capabilities that offer a consistent experience wherever applications and data reside.

January 19, 2022

Harness announced that it is opening the CD component of its DevOps platform, which is now free and accessible under a source-available license, complementing its CI platform, which is already available under an open source license.

January 19, 2022

The latest offering from Plutora, the Test Environment QuickStart Bundle, takes an agile approach to evolving DevOps practices.

January 18, 2022

Appvance has secured $13 million in Series C funding to accelerate global expansion and product roadmap development.