Drowning in defects while building a "single pane of glass"

"We had two bundles of SAST findings, seventy-five CVEs rated Critical, five duplicates of the same CVE across different services, half a saltshaker of false positives and a whole scattering of vulnerabilities of every sort and color: SQLi, XSS, SSRF, RCE, IDOR, leaked secrets, Kubernetes misconfigs written by someone who clearly did not plan to live to see the audit. On top of that, we had changes generated by AI assistants, forgotten exceptions in access checks, temporary workarounds that had long since become part of the architecture, two pentest reports, thousands of tickets and a dashboard that glowed red as if it could see all our future incidents at once. Not that this was a necessary stockpile for managing application security, but once you have decided to build ASPM by aggregating everything in sight, sooner or later you end up in exactly this car: at full speed, with no map, with developers in the back seat who keep asking only one thing: 'Which of these actually need fixing?'" Hi everyone! My name is Artem Puzankov, and I head the secure development consulting department at Bastion. Today I would like to reflect with you on application security posture management, ASPM, AI-generated code and AppSec. This article is about why the future of ASPM lies not in gathering every defect into a "single pane of glass", but in correlating the findings, verifying reachability and separating real threats from noise (read: technical debt).

https://habr.com/ru/companies/bastion/articles/1031884/

#aspm #devsecops #application_security #ssdlc #безопасная_разработка #информационная_безопасность #AI_в_кибербезопасности #управление_уязвимостями #безопасность_приложений

🏆 Award-winning Application Security Posture Management.
Xygeni has been recognized at the #GlobalInfosecAwards for Xygeni ASPM.
https://xygeni.io/aspm-application-security-posture-management/
#ASPM #ApplicationSecurity #AppSec #DevSecOps
The DevSecOps bullshit bingo
Why CI-based security scanning is a broken architecture — and how autonomous security control planes eliminate pipeline dependency, hidden DevOps costs, and tool fragmentation.
https://whitespots.io/blog/the-devsecops-bullshit-bingo
#applicationsecurity #ASPM #AppSec
Success Story Whitespots: How iGaming Platform Scaled AppSec from 80 Assets/Year to 30k+ in 15 Minutes
How a global iGaming White-Label provider replaced a year of failed DevSecOps with Whitespots Portal — achieving 99% automation, 1M+ vulnerability handling, and real-time security visibility across 30k+ assets.
https://whitespots.io/blog/success-story-igaming
#applicationsecurity #ASPM #AppSec

Palo Alto Networks just launched Cortex Cloud ASPM, a 'prevention-first' platform to stop risks before they hit production. A game-changer for DevSecOps. #EveryTechEver #PaloAltoNetworks #Cortex #ASPM #DevSecOps #CloudSecurity #Cybersecurity

https://everytechever.com/palo-alto-networks-redefines-application-security-with-new-aspm-platform/

Palo Alto Networks Redefines Application Security with New ASPM Platform | EveryTechEver

Palo Alto Networks launches Cortex Cloud ASPM, an Application Security Posture Management platform that stops risks before production.

EveryTechEver
Are your vulnerabilities truly managed? ActiveState’s blog on Intelligent Remediation dives into the 'last mile' of vulnerability management, offering insights on how to move from discovery to action. Secure your software supply chain, empower your developers, and streamline your processes. Don’t let vulnerabilities hold you back—find out how to take action today! https://www.activestate.com/blog/intelligent-remediation-the-last-mile-of-vulnerability-management/ #ASPM #DevSecOps #OpenSource
Intelligent Remediation: The Last Mile of Vulnerability Management

Stop just identifying vulnerabilities and start fixing them. ActiveState's Intelligent Remediation delivers actual fixes, not just task lists. Leverage our open source expertise and AI to prioritize and resolve vulnerabilities faster, freeing your team to focus on what matters most: your code.

ActiveState

Are you ready to take your open-source management to the next level? ActiveState's latest blog explores how ASPM, powered by intelligent remediation, can transform your enterprise's approach to security and efficiency. Move beyond mere discovery to actionable solutions that safeguard your software supply chain.

Dive in to see how you can enhance your enterprise's resilience and productivity. https://www.activestate.com/blog/power-up-aspm-with-intelligent-remediation-moving-beyond-discovery-to-action/

#ASPM #OpenSource #Security

Power Up ASPM with Intelligent Remediation: Moving Beyond Detection to Action

A practical guide to leveraging intelligent remediation with ASPM to improve your software supply chain security.

ActiveState

🔒 Secure your software supply chain with ASPM! ActiveState's ASPM solution empowers your enterprise with visibility, compliance, and security across the SDLC. Automate vulnerability management, streamline compliance, and enhance your security posture. Discover how ASPM can transform your open source management today!

https://www.activestate.com/blog/application-security-posture-management-for-vulnerability-management/

#ASPM #OpenSource #SoftwareSecurity #ActiveState

Enhance Software Supply Chain Security (SSCS) with Application Security Posture Management (ASPM)

Discover the critical role ASPM plays in vulnerability management and compliance for dev and security teams.

ActiveState

👋 Hello Mastodon! We're thrilled to join the community. At ActiveState, we revolutionize open source management with our platform, enhancing Application Security Posture Management (ASPM) for secure software supply chains. Gain insights, automate compliance, and integrate seamlessly with your workflows.

Let's secure your enterprise together! 🌐 #opensource #ASPM #softwaredevelopment

It's taken me almost a year to write (and edit) my rant about categories and acronyms in cybersecurity. Which acronyms or categories annoy you the most? Security teams don't need more tools, they need efficient ways to mitigate risk and respond quickly to threats or attacks - especially now to keep up with faster development cycles.
https://www.techtarget.com/searchsecurity/opinion/Cloud-native-app-security-Ignore-acronyms-solve-problems
#cloudsecurity #applicationsecurity #appsec #cspm #sast #dast #iast #sca #sbom #ciem #asoc #dspm #aspm #cnapp #cdr #mdr #itdr #ndr #mdr #xdr #edr #cnapp #wapp #devsecops #cybersecurity #infosec #ciso #cso
Cloud-native app security? Ignore acronyms, solve problems | TechTarget

Instead of building a security strategy around lists of acronyms or categories, learn how to solve problems more efficiently.

Security