Application security testing startup Oxeye Ltd. today announced the general availability of its Cloud Native Application Security Testing platform.

Debuted at KubeCon 2022, the platform identifies custom code and open-source vulnerabilities and software secrets to reveal the critical, exploitable security issues as an integral part the software development lifecycle. The platform is said to deliver developers and application security teams clear insights that accelerate proper mitigation.

Oxeye argues that with many organizations today hosting application workloads in the cloud, it’s imperative that application security be implemented to accommodate the unique security requirements of cloud-based applications. The Oxeye Cloud Native Application Security Testing platform is built from the ground up with the agility and scale of cloud infrastructure to address the pervasive number of vulnerabilities materializing in these environments.

Features of the platform include support for cloud-native application software bill of materials. Delivered through integration into each application, the platform provides users with an elaborate software bill of materials, from deep within cloud-native environments.

The platform analyzes application code across microservices to identify code vulnerabilities, vulnerable third-party packages and hard-coded secrets as part of the software development lifecycle, with an aim to provide clear guidance that enables proper remediation. Multilayer and multiservice identification of exploitable vulnerabilities enables runtime code analysis with no code changes. Vulnerable flow analysis can detect vulnerabilities across application microservices and active validation with automatic creation and execution of security tests to validate vulnerabilities before reporting.

With contextual risk assessment, the platform enriches data with infrastructure configuration information from the container, cluster and cloud layers to calculate risks based on internet accessibility, sensitive data processing and flawed configuration.

Finally, the platform offers clear remediation guidance for developers with application analysis in runtime. This reproduces each step of vulnerability exploitation, delivery of the exact line of code where the vulnerability is executed and vulnerability flow visibility for accurate execution flow tracing that allows for fast identification and remediation of actual issues.

“Modern applications introduce major challenges to Application Security leaders, with prioritization, visibility and collaboration on top,” Dean Agron, co-founder and chief executive officer of Oxeye, said in a statement. “The powerful solution greatly reduces security risk throughout every stage of software development and deployment, alongside providing clear visibility into the application structure and building blocks.”

Image: Oxeye