BackSlash’s new ASPM combines existing AppSec with context-based risk prioritization

Application code security provider BackSlash has announced a new application security posture management (ASPM) platform to combine its existing application security (AppSec) capabilities with a few new ones.

The new platform will pack BackSlash’s existing AppSec solutions including software component analysis (SCA), static application security testing (SAST), software bill of materials (SBOM), vulnerability exploitability exchange (VEX), and secrets detection, within a holistic ASPM offering, aimed specifically to focus on risk prioritization.

“Most AppSec professionals spend 50% or more of their time chasing vulnerabilities,” BackSlash said in a press release. “The sheer volume of vulnerabilities flagged across multiple costly and siloed tools overwhelms the typical AppSec team, and fixing the most critical security risks is increasingly challenging without the ability to prioritize.”

The ASPM platform is generally available at launch and can also be availed on the AWS Marketplace.

BackSlash fuses “reachability analysis” into existing stack

BackSlash recently announced a cloud-native AppSec solution aimed at identifying toxic code flows and automating threat models. The new ASPM is intended to provide an integrated, continuous view of an organization’s AppSec posture to help prioritize risks.

“Backslash is approaching application security from a risk-prioritization security posture standpoint to help security teams and developers work more efficiently,” said Melinda Marks, senior analyst at ESG. “This is a clever way to enable risk mitigation and application protection with a hacker point of view with what they are calling ‘reachability analysis.”

BackSlash’s new reachability analysis will constitute the core offering of the ASPM platform by attempting to prioritize the most critical open source software vulnerabilities and code vulnerabilities by pinpointing risks that are actually reachable and exploitable. This, according to BackSlash, will drastically reduce alert noise and allow security teams to focus on genuine threats.

“The top challenge for security operations is the change velocity with the speed and volume of software releases, so having a more efficient way to manage remediation can help teams mitigate risk to prevent security incidents,” Marks added.

BackSlash promises contextual risk analysis

BackSlash’s new ASPM will inherit its existing toxic flow analysis capability that allows the product to identify, on average, one critical toxic flow for every 100 security alerts produced by the AppSec tools. This is done through risk-based vulnerability management (RBVM) wherein BackSlash prioritizes risks based on their exposure and business context.

“Context and efficiency are now key to help security teams scale with modern application development,” Marks said. “Organizations are moving to consolidation and platform approaches. So, instead of using separate siloed tools, they are looking for integrated platforms that can pull in data from multiple sources to give them the context needed to prioritize risk.”

The new ASPM will also feature a “remediation at the root” capability, which will allow it to target the right developer for each code fix, with evidence to reduce remediation and triage MTTR (mean time to recovery).