Israeli application security startup Backslash Security Inc. today announced the general availability of its application security posture management platform for enterprise AppSec and product security teams.

The solution weaves ASPM capabilities with core AppSec functions, including software composition analysis, static application security testing, software bill of materials, vulnerability exploitability exchange and secrets detection in a single, visualized platform.

The solution seamlessly detects vulnerabilities across multiple fronts and offers built-in technology to prioritize them according to their reachability and exploitability. By integrating native risk assessment with reachability analysis, the platform unearths concealed risks and provides a comprehensive view of the highest-risk vulnerabilities and their real-world impact.

Backslash says that it designed the platform to address the issues wherein most AppSec professionals spend half or more of their time chasing vulnerabilities. The sheer volume of vulnerabilities flagged across multiple siloed tools is claimed to overwhelm a typical AppSec team and fixing the most critical security risks is increasingly challenging without the ability to prioritize.

Backslash’s APSM platform alleviates these issues by providing an integrated, continuous and holistic view of an organization’s application security posture.

Key features of Backslash’s platform include in-depth reachability analysis, which prioritizes the most pressing open-source software and code vulnerabilities. By focusing on risks that are genuinely reachable and exploitable, security teams can streamline their efforts and drastically reduce false alerts.

Native security analysis detection integrates into the platform, providing AppSec and product security teams with a unified perspective on critical risks. The platform highlights toxic flow analysis to combat alert fatigue and to ensure that teams address the most pressing vulnerabilities first.

Automated vulnerability and threat modeling in the platform gives users an immediate visual representation of their application’s security posture. When remediation is required, the platform targets the most appropriate developer for each code fix, backed by clear evidence, thus expediting the mean time to recovery.

“Backslash draws inspiration from the agile workflows we see in software development — just as devs have shortened and streamlined their cycles, we can now shorten and streamline ours,” co-founder and Chief Executive Shahar Man said ahead of the announcement. “The power to continuously prioritize the most critical, reachable vulnerabilities will enable AppSec to keep pace with their dev counterparts.” 

Photo: Backslash