Latest news with #DAST


Associated Press
24-04-2025
- Business
- Associated Press
CyCognito Joins Wiz Integrations (WIN) Platform
Joint Integration Takes Outside-In Testing View to Identify and Prioritize Cloud Risks

PALO ALTO, Calif., April 24, 2025 /PRNewswire/ -- CyCognito, the leader in external exposure management, today announced its partnership with leading cloud security provider Wiz and joins Wiz Integrations (WIN). The integration, launching at the RSA Conference, enables joint customers to combine the visibility and coverage of Wiz's CNAPP with the power of continuous Dynamic Application Security Testing (DAST) and external asset discovery across global organizations—ultimately enabling enhanced cloud security coverage.

There are a number of critical visibility gaps that can compromise a company's security posture in the cloud. Human error in account mapping and CSPM configuration creates dangerous blind spots. Enterprises struggle with unmanaged workloads outside security controls, while M&A introduces subsidiary assets with inconsistent standards. Vendor-transitioned projects contain undocumented vulnerabilities, and third-party services extend the attack surface beyond your perimeter. All of these gaps create exploitable weaknesses that threat actors actively target.

CyCognito addresses these challenges through seedless discovery that automatically identifies unmanaged cloud instances where traditional security tools fall short. By providing an attacker's perspective from outside your network, CyCognito reveals both sanctioned and unsanctioned environments without requiring cloud service provider APIs. Its external attack surface management approach complements CNAPP strategies by providing visibility into coverage gaps and giving cloud security teams visibility into assets they didn't know existed. This comprehensive view enables effective management of dynamic cloud environments.

CyCognito uses DAST to examine running apps for vulnerabilities. CyCognito enables organizations to reach their ideal app sec goals by testing from the network edge—through the infrastructure—and into the application. CyCognito addresses the testing gaps that, until now, organizations have struggled to close.

'By integrating with Wiz, we're bringing the attacker's perspective directly into cloud security programs,' said Randy Streu, SVP Global Channels & Alliances, CyCognito. 'This partnership empowers security teams with both internal and external visibility—combining Wiz's deep cloud-native context with our continuous external discovery to help teams surface, prioritize, and respond to the risks that matter most.'

Mutual customers receive the following benefits: The integration with Wiz supports a modern cloud security operating model, where security and cloud teams work together across the entire development lifecycle. Wiz's unified platform delivers code-to-cloud context to reduce the attack surface—using shared policies to stop risks earlier in the SDLC and ensure posture is enforced in production. With Wiz Defend, teams can also detect and respond to real-time threats in their cloud environments, enabling complete visibility and control across code, cloud, and runtime.

'We're excited to welcome CyCognito to the Wiz Integration Network,' said Oron Noah, VP of Product, Extensibility & Partnerships at Wiz. 'By combining CyCognito's continuous DAST and external asset discovery with Wiz's comprehensive code-to-cloud context and real-time threat detection, we're enabling our customers to proactively identify exposures, prioritize critical risks, and strengthen their cloud security posture across the entire development lifecycle.'

To learn more about the CyCognito-Wiz integration at RSA, please visit booth #3110. To see how this integration empowers cloud security teams with greater visibility and control, please visit the dedicated blog page.

About CyCognito

CyCognito is an external exposure management platform that discovers, tests, and prioritizes security risks. The platform provides the deepest, most accurate mapping of external attack surfaces without manual effort or seed inputs, and conducts 80,000+ security tests to identify critical vulnerabilities before attackers can exploit them. Trusted by Fortune 500 companies and government agencies, CyCognito reduces remediation time from months to days.

SOURCE CyCognito


Business Wire
24-04-2025
- Business
- Business Wire
Detectify Redefines AppSec Testing with Intelligent Scan Recommendations
STOCKHOLM & BOSTON--(BUSINESS WIRE)-- Detectify, the advanced application security testing platform for evolving attack surface coverage, today announced the launch of its new Asset Classification and Scan Recommendations capabilities. This innovation directly addresses a critical challenge for security teams: knowing what else, beyond their core applications, requires in-depth testing. The new features automatically classify discovered web assets based on attacker reconnaissance techniques and deliver recommendations on where to run DAST, helping organizations bridge the gap between broad and deep vulnerability testing across their entire attack surface.

Security teams know they must test their main applications, but they often wonder which other assets to cover. Detectify reveals a significant gap in web app testing: on average, organizations miss testing 9 out of 10 of their complex web apps. Alarmingly, over half of organizations miss all their valuable apps when getting started with scanning, reflecting their uncertainty about where to deploy scans. This challenge affects organizations regardless of size; even those with fewer than 10 valuable web apps typically test only about 30% of them, and coverage declines as their attack surface increases, demonstrating a consistent struggle to scale AppSec testing on targets attractive to attackers.

Detectify's newly announced capabilities address this challenge directly by integrating intelligence into its platform. This enables customers to easily identify and swiftly act on their complex web applications, seeing both the forest, which represents their entire attack surface, and the trees, symbolizing each web app.

The new capabilities include:

- Asset Classification: Analyzes and categorizes all web assets discovered by Detectify, focusing on the presence of specific attributes that can indicate the purpose of each app (e.g., libraries, forms, body length, certain headers). This reflects insights from Detectify's continuous monitoring with an approach that mimics attacker reconnaissance. As new web apps emerge without the security teams' knowledge, this feature enables them to identify and categorize assets for further investigation and testing.
- Scan Recommendations: Provides intelligent suggestions for web apps to test based on their classification and attractiveness to attackers. It identifies which apps need thorough testing, particularly through deep crawling and fuzzing with DAST, utilizing insights from the Detectify Crowdsource community of ethical hackers and AI-driven assessments from Detectify Alfred.

'It's time to break the illusion of coverage. Attackers thrive on the discrepancy between what you believe you're exposing and what you're actually exposing,' said Rickard Carlson, CEO at Detectify. 'The days of blindly deploying DAST and chasing shadows are over. We are helping AppSec teams direct their resources toward protecting the targets that actually matter.'

These capabilities enable AppSec teams to allocate resources confidently, shifting focus from manually guessing what to test, to automatically knowing where the highest risks lie. Organizations can now focus deep DAST scanning efforts where they'll have the most impact while maintaining broad dynamic coverage over their complete attack surface.

Scan Recommendations and Asset Classification are being rolled out to Detectify customers in the coming weeks. More information here.

About Detectify

Detectify sets a new standard for advanced application security testing, challenging traditional Dynamic Application Security Testing (DAST) by providing evolving coverage of each and every exposed asset across the changing attack surface. AppSec teams trust Detectify to expose how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks fuelled by its global community of elite ethical hackers into its own expert-built engines, exposing critical weaknesses before it's too late. Go hack yourself.

Associated Press
04-03-2025
- Business
- Associated Press
CloudDefense.AI CEO Anshu Highlights the Importance of Embedding Security into Every Stage of Application Development
'Security isn't a gate at the end of development - it's the foundation for innovation itself.' — Anshu Bansal, CEO of CloudDefense.AI

PALO ALTO, CA, UNITED STATES, March 4, 2025 -- CloudDefense.AI continues to drive innovation in cloud and application security with expert insights from its CEO, Anshu Bansal, who was recently featured in Forbes. In his latest article, 'How to Seamlessly Embed Security Into Your Application Lifecycle with DevSecOps,' Anshu explores how modern businesses can adopt a proactive security approach by integrating security directly into their software development processes - ensuring both speed and safety in application delivery.

As businesses increasingly prioritize faster release cycles and continuous innovation, traditional security practices are no longer enough. Anshu emphasizes that treating security as a final checklist or isolated phase leaves organizations vulnerable to evolving threats. Instead, DevSecOps - the seamless integration of security into development and operations - is becoming essential for businesses aiming to build secure, resilient software without compromising agility.

The article breaks down the practical strategies for embedding security across the entire application lifecycle - from initial planning and development to testing, deployment, and ongoing monitoring. By making security everyone's responsibility, from developers to operations and leadership, companies can catch vulnerabilities earlier, reduce costly rework, and create a culture where security enhances innovation rather than slowing it down.

Anshu also highlights the growing need for automated security tools that fit directly into developer workflows, ensuring that security checks happen automatically within CI/CD pipelines. By continuously monitoring for risks and aligning security policies across all stages, businesses can proactively defend their applications while keeping pace with today's rapid development demands.

For the full Forbes article, click here.

About CloudDefense.AI

CloudDefense.AI, headquartered in Palo Alto, is a complete Cloud-Native Application Protection Platform (CNAPP) that secures the entire cloud infrastructure and applications. Considering the evolving threat landscape, they blend expertise and technology seamlessly, positioning themselves as the go-to solution for remediating security risks from code to cloud. Experience the ultimate protection with their comprehensive suite that covers every facet of your cloud security needs, from code to cloud to cloud reconnaissance. Their catered-for cloud offering includes SAST, DAST, SCA, IaC Analysis, Advanced API Security, Container Security, CSPM, CWPP, and CIEM to the exclusive Hacker's View™ technology - ensures airtight security at every level. Going above and beyond, their innovative solution actively tackles zero-day threats and effectively reduces vulnerability noise by strategically applying various modern techniques. This unique approach delivers up to five times more value than other security tools, establishing them as comprehensive and proactive digital defense pioneers.

If you want to learn more about CloudDefense.AI and explore one of the best CNAPPs in the industry, please book a free demo with us or connect with us here at [email protected]
Yahoo
05-02-2025
- Business
- Yahoo
Astra Security Raises Funding to Simplify Cybersecurity With AI-Driven Pentesting
The company serves over 800 customers with its AI-powered pentest solutions, designed to mimic hacker behavior.

CLAYMONT, Del., February 05, 2025--(BUSINESS WIRE)--Astra Security, the security platform with continuous vulnerability scanning and pentests, today announced the closing of a growth capital round—led by Emergent Ventures, with participation from the Neon Fund, Better Capital, Blume Ventures, and PointOne Capital. The funds will accelerate development and build capabilities to uncover vulnerabilities in cloud environments. The company also plans to double down its focus on using AI to give developers and security engineers the ability to build security detections.

The company has been building its platform since 2018 while remaining cash-positive. Last year, Astra Security uncovered nearly 5,500 vulnerabilities per day for its customers with its AI-powered pentest platform. This number is expected to increase threefold by the end of the year as cyber threats continue to evolve at an unprecedented pace.

With AI, the speed at which code is being shipped rapidly increases. This means attackers have an even larger attack surface area to find vulnerabilities. AI has become equally popular among hackers for finding loopholes at scale, which can lead to more breaches.

"The cybercrime landscape is becoming increasingly complex with AI-based attacks," said Shikhil Sharma, co-founder and CEO of Astra Security. "Traditional, periodic pentesting is no longer enough in today's threat environment, and Astra Security is moving more businesses to continuous pentesting to stay ahead of hackers. The engineering world has become agile, collaborative, and automation-driven, but the cybersecurity industry has lagged behind. It's our mission to breathe life into the security space by integrating AI, adopting a hacker's mindset, and making the tech easy and accessible."

Over 800 engineering teams in over 70 countries use Astra Security. AI powers the platform and can constantly mimic hacker behavior to check applications for vulnerabilities through fast detections. This includes PTaaS (Penetration Testing as a Service), a DAST vulnerability scanner, and an API Security Platform that all work together to find over 13,000 vulnerabilities. Last year, Astra Security helped its customers discover and prioritize remediation of over two million vulnerabilities.

"Security is increasingly shifting to the hands of developers, while security teams find themselves more overwhelmed than ever," said Ananda Krishna, co-founder and CTO of Astra Security. "While pentests have been around for over a decade, they are overdue for an AI-first update—simplifying and streamlining the process. We're focused on removing the frustration of continuous security monitoring so businesses can get on with everything else."

Astra Security founders Shikhil Sharma and Ananda Krishna have been hackers and builders for over a decade—first helping big brands like Microsoft, Adobe, AT&T, Yahoo, and Blackberry find critical vulnerabilities in their infrastructure. This led to the creation of Astra Security and the company's focus on an AI-powered platform to bring the cybersecurity industry forward.

Astra's growth round totaled $2.7 million. The company is rapidly gaining traction among leading organizations. Last year, more than 25% of their customers were mid-sized and large companies, including Loom, HackerRank, ITC, Olx Autos, Mamaearth, Muthoot Finance, Bonusly Singapore Trade Exchange, Oscilar, University of Cambridge, CompTIA, and Prime Healthcare.

About Astra Security

Astra Security is a cyber security SaaS company simplifying otherwise chaotic penetration with its Pentest Platform. Astra Security's AI-powered offensive vulnerability scanning engine emulates hacker behavior to scan applications for 10,000+ security tests. CTOs & CISOs trust Astra Security because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra Security's CI/CD integrations. 800+ companies across the globe use Astra Security. Last year, Astra Security uncovered 2,000,000+ vulnerabilities for its customers, saving customers $69M+ in potential losses due to security vulnerabilities.