Wednesday, May 28, 2025
HomeCVE/vulnerabilityOxeye Identifies Vulnerabilities Cloud Native Applications with CNAST Platform

Oxeye Identifies Vulnerabilities Cloud Native Applications with CNAST Platform

Published on

SIEM as a Service

Follow Us on Google News

According to Gartner’s 2021 Magic Quadrant for Application Security Testing, “Modern application design and the continued adoption of DevSecOps are expanding the scope of the AST market. Security and risk management leaders can meet tighter deadlines and test more complex applications by seamlessly integrating and automating AST in the software delivery life cycle.”

Unlike traditional AST, Oxeye’s Cloud Native Application Security Testing Platform (CNAST)identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle. With this important intelligence, the platform delivers clear guidance for fast and accurate remediation.

Far beyond SAST, DAST, IAST and SCA, the Oxeye CNAST approach is focused on contextual analysis to point out the exploitable vulnerabilities and secrets. This includes analyzing all potential risks, deep mapping of all app components and how they communicate with each other, lightweight fuzzing for active validation and enrichment of the underlying container, cluster and cloud configurations.

- Advertisement - Google News

Oxeye CNAST is centered on the cloud native segment of the AST market, which is rapidly accelerating as AppSec and DevSecOpsprofessionals scramble to protect more than 500 million cloud-native apps expected to be deployed by 2023. To secure these applications, developers will need to conduct testing and be absolutely sure they remain safe throughout deployment. Oxeye supports scalable, ever-changing environments and automatically adapts to changes for an agile testing scope without changes to code or the need to manually intervene.

Oxeye’s vulnerability profiling helps prioritize the most urgent areas to focus on, leveraging powerful capabilities that include:

  • Complete Cloud Native Application Security Testing for ModernArchitectures – Oxeye analyzes code across microservices to identify code vulnerabilities and other critical issues as part of the software development lifecycle for clear guidance that enables accurate remediation.
  • Multi-Layer/Multi-Service Identification of Exploitable Vulnerabilities –

Provides Runtime Code Analysis without the need for changes to application code, Vulnerable Flow Analysis to detect vulnerabilities across application microservices, and Active Validation with automatic creation and execution of security tests to validate vulnerabilities prior to reporting.

  • Contextual Risk Assessment – Enriches data with infrastructure configuration information from the container, cluster, and cloud layers to calculate risks based on Internet accessibility, sensitive data processing, flawed configuration, etc.
  • Clear Remediation Guidance for Developers – Provides developers with application analysis in runtime to reproduce each step of vulnerability exploitation, delivery of the exact line of code where the vulnerability has been executed, and vulnerability flow visibility for accurate execution flow tracing that allows for fast identification and remediation of actual issues.

“Pieces of code are located literally everywhere throughout cloud-native applications,” said Dean Agron, Co-Founder, and CEO of Oxeye. “The Oxeye platform provides a single unified platform for modern application security testing, providing highly accurate vulnerability testing prior to production. With it, users gain access to the most prominent, automated security risk testing solution for all important stages of software development.”

Pricing and Availability

Oxeye Cloud Native AST will be generally available in Q1, 2022. Oxeye invites IT professionals interested in learning more to visit https://www.oxeye.io/solution or to schedule a personalized demo at https://www.oxeye.io/get-a-demo.

Latest articles

Evertz SDN Vulnerabilities Enable Unauthenticated Arbitrary Command Execution

A newly disclosed critical vulnerability (CVE-2025-4009) in Evertz’s Software Defined Video Network (SDVN) product...

Russian APT28 Hackers Attacking NATO-aligned Organizations to Steal Sensitive Data

Russia’s GRU-backed APT28, widely known as Fancy Bear, has intensified its cyber espionage campaign...

XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code

Citrix has issued a high-severity security bulletin addressing multiple vulnerabilities—CVE-2025-27462, CVE-2025-27463, and CVE-2025-27464—affecting XenServer...

Threat Actors Weaponize Fake AI-Themed Websites to Deliver Python-based infostealers

Mandiant Threat Defense has uncovered a malicious campaign orchestrated by the threat group UNC6032,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Severe WSO2 SOAP Flaw Allows Unauthorized Password Resets for Any Use

A newly disclosed vulnerability, CVE-2024-6914, has shocked the enterprise software community, affecting a wide...

CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets

On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent...

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in...