www.oxeye.io
34.251.201.224
Public Scan
Submitted URL: http://www.oxeye.io/
Effective URL: https://www.oxeye.io/
Submission: On April 11 via manual from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
STOP WASTING TIME ON UNEXPLOITABLE VULNERABILITIES

A simple 2 minute deployment could save your AppSec and Dev teams thousands of hours a year and tens of thousands of $$$ on tools. Built for cloud-native applications.

OXEYE FILTERS VULNERABILITIES IN FOUR STEPS

Oxeye provides contextualized vulnerability results by combining static and runtime analysis and the functions of SAST, DAST and SCA into a single tool. We find all custom code, open source and third party package vulnerabilities, then perform the following to remove vulnerabilities that can't be exploited.

1. Find and determine which vulnerable open source and third party packages are loaded and used, and filter out the ones that aren't.
2. Filter vulnerabilities that cannot be accessed from the Internet, whether directly or indirectly.
3. Refine further by adding infrastructure configuration data.
4. Perform active validation by fuzzing the exploitable APIs.

SEE THE APPSEC ISSUES THAT REALLY MATTER

FOCUS ON CRITICAL VULNERABILITIES
Oxeye shows you the custom code, open source and third party package vulnerabilities that you should prioritize.

DETECT VULNERABILITIES OTHER TOOLS MISS
Oxeye's vulnerable flow analysis reveals critical vulnerabilities that legacy SAST, DAST and SCA simply miss.

THE LICENSE TO CHILL
We detect non-compliant licenses used in your open source packages, and categorize them according to risk levels to help you avoid legal issues.

KEEP YOUR SECRETS SECRET
Oxeye discovers hardcoded secrets in your applications so you don't inadvertently give away the keys (and the passwords) to the kingdom.

FIX VULNERABILITIES QUICKLY WITH INFORMATION YOUR DEV TEAM NEEDS

CODE SNIPPET
See the source-to-sink view, from the user input to the dangerous function, and the specific line of code where the vulnerability resides.
STACKTRACE
See all the functions that were called during the execution of the vulnerability for additional context and clarity during the remediation process.

VULNERABILITY FLOW
Trace the path of vulnerabilities, from the externally-facing API, to the internal service that's vulnerable, even if the service is not directly accessible from the Internet.

Source

    // Messages delivered from the queue enter the application here.
    channel.basicConsume(QUEUE_NAME, true, deliverCallback, consumerTag -> { });
    System.out.println("[*] Waiting for messages. To exit press CTRL+C");

Propagation

    DeliverCallback deliverCallback = (consumerTag, delivery) -> {
        String jsonString = new String(delivery.getBody(), StandardCharsets.UTF_8);
        try {
            JSONObject obj = new JSONObject(jsonString);
            // Fields taken from the message body are passed on unchanged.
            PutMessage(conn, obj.getString("title"), obj.getString("description"), obj.getInt("price"));
        } catch (JSONException | SQLException e) {
            System.err.println("[!] Caught an exception handling message - \"" + jsonString + "\"");
            e.printStackTrace();
        }
    };

Sink

    private static void PutMessage(java.sql.Connection conn, String title, String description, int price) throws SQLException {
        Statement st = conn.createStatement();
        // title and description are concatenated directly into the SQL statement.
        st.executeUpdate("INSERT INTO public.items (\"title\", \"description\", \"price\") values ('" + title + "', '" + description + "', '" + price + "');");
        System.out.println("[*] Item added: title: \"" + title + "\", Description: \"" + description + "\", Price: " + price);
    }

Stack trace

    java.base/java.lang.Thread.run(Thread.java:829)
    com.rabbitmq.client.impl.ConsumerWorkService$WorkPoolRunnable.run(ConsumerWorkService.java:104)
    com.rabbitmq.client.impl.ConsumerDispatcher$5.run(ConsumerDispatcher.java:149)
    com.rabbitmq.client.impl.recovery.AutorecoveringChannel$2.handleDelivery(AutorecoveringChannel.java:588)
    com.dvcna.queue_dispatcher.RequestHandler.lambda$main$0(RequestHandler.java:47)
    com.dvcna.queue_dispatcher.RequestHandler.PutMessage(RequestHandler.java:24)
    org.postgresql.jdbc.PgStatement.executeUpdate(PgStatement.java:258)
    io.opentelemetry.javaagent.shaded.instrumentation.api.instrumenter.Instrumenter.start(Instrumenter.java:195)
    io.opentelemetry.javaagent.shaded.io.opentelemetry.context.Context.with(Context.java:169)
    com.example.javaagent.instrumentation.InstrumentationUtil.generateCallStack(InstrumentationUtil.java:16)

ALL THAT YOU EXPECT FROM A MODERN APPSEC SOLUTION

VISIBILITY, VISIBILITY, VISIBILITY
Find and determine which vulnerable open source and third party packages are loaded and used, and filter out the ones that aren't. See the path vulnerabilities take, from API to code.

REDUCE TIME SPENT TRIAGING AND REMEDIATING
Only focus remediation efforts on exploitable vulnerabilities in custom code, and open source and third party packages. Get clear information on where the vulnerabilities are in code.

A SINGLE TOOL. ONE SET OF RESULTS AND ONE PRICE.
Get a single reference point for both application security and dev teams, and eliminate issues of complexity and cost from piecing together multiple, disjointed tools.

"Legacy SAST, DAST, and IAST solutions are not effective in detecting vulnerabilities in modern cloud native applications.
The unique challenges presented by the dynamic and distributed nature of these environments require new security tools and approaches. To effectively protect against the evolving threat landscape, organizations must adopt modern security solutions specifically designed for cloud native applications."
Ory Segal, CTO Prisma Cloud at Palo Alto Networks

"One of the unique features of Oxeye, in comparison to other SAST tools, is its ability to provide a curated view of code issues based on the actual code paths executed by our application at runtime. This approach allows for a more targeted and efficient resolution of issues, resulting in better code hygiene."
Omer Azaria, VP of Research and Development at Sysdig

"Chasing down all vulnerabilities is unscalable. High risk-reduction ROI comes from context-based prioritization & remediation of security vulnerabilities."
Srinath Kuruvadi, Head of Cloud Security at Netflix

REALIZE THE TRUE PROMISE OF SHIFTING LEFT
Eliminate uncertainty from the application security process, and save your development and AppSec teams time.

2023 All rights reserved