January 2024

Features
Highlights

A new Inspections feature in Aptori-Sift empowers you to craft test cases tailored to your application's unique business logic, simplifying the process of validating custom policies that address specific aspects of your application.

Inspections are a low-code approach to defining the policies and behaviors Aptori-Sift checks. Inspections can be shared with the community and among team members, which makes exchanging ideas and strategies more efficient. This collaborative approach leads to faster identification and implementation of the most suitable policies for your applications and for novel attack vectors, leveraging collective knowledge and experience for better policy formulation and application security.

The Exploit Prediction Scoring System (EPSS) is an approach to predict the likelihood of a given vulnerability being exploited in the wild. Produced by the Forum of Incident Response and Security Teams (FIRST), EPSS employs a data-driven, probabilistic model that estimates the risk of exploitation within 30 days. This system uses a combination of vulnerability characteristics and real-world data to provide a dynamic score, offering a more nuanced and responsive measure than static vulnerability assessments. 

Aptori automatically incorporates real-time EPSS scores for every identified vulnerability when utilizing integrated scanners for Software Composition Analysis (SCA), Dependency Checks, Container Scanning, and Static Application Security Testing. This simplifies sorting and filtering issues based on their EPSS scores, allowing for quick prioritization of critical vulnerabilities that require immediate remediation.

EPSS scores are presented as a percentage, ranging from 0% (indicating minimal likelihood of exploitation) to 100% (signifying maximum probability of exploitation). To enhance understanding, EPSS also includes percentile rankings. These rankings place an individual EPSS score in the context of all other EPSS scores, offering a comparative perspective. This dual approach of using both probability scores and percentile rankings aids in refining the prioritization process, allowing for more informed decision-making in vulnerability management. 
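The sketch below is an added example, not Aptori's code: it shows how a probability score and a percentile ranking can be combined to order scanner findings, including the case of a CVE that has no EPSS record yet. The JSON shape is assumed to follow the public FIRST EPSS API; the CVE IDs, scores, findings and thresholds are constructed placeholders.

```python
import json

# Constructed sample shaped like a FIRST EPSS API reply; IDs and values are placeholders.
SAMPLE_EPSS_JSON = """{"status": "OK", "data": [
  {"cve": "CVE-0000-0001", "epss": "0.87310", "percentile": "0.98900"},
  {"cve": "CVE-0000-0002", "epss": "0.04200", "percentile": "0.92100"},
  {"cve": "CVE-0000-0003", "epss": "0.00090", "percentile": "0.38000"},
  {"cve": "CVE-0000-0004", "epss": "0.06500", "percentile": "0.96400"}
]}
"""

# Constructed scanner output: (finding id, component, CVE).
FINDINGS = [
    ("F-1", "libexample 1.2", "CVE-0000-0003"),
    ("F-2", "base-image:latest", "CVE-0000-0001"),
    ("F-3", "libother 0.9", "CVE-0000-0004"),
    ("F-4", "libnew 3.0", "CVE-0000-0099"),  # no EPSS record yet
    ("F-5", "libexample 1.2", "CVE-0000-0002"),
]

TIER_ORDER = {"urgent": 0, "elevated": 1, "unscored": 2, "routine": 3}

def load_epss(raw):
    """Map CVE -> (probability, percentile); both arrive as strings."""
    return {r["cve"]: (float(r["epss"]), float(r["percentile"]))
            for r in json.loads(raw)["data"]}

def tier(score, prob_cut=0.10, pct_cut=0.95):
    """Thresholds are illustrative assumptions, not values from EPSS or Aptori."""
    if score is None:
        return "unscored"  # review manually rather than treat as 0%
    prob, pct = score
    if prob >= prob_cut:
        return "urgent"
    if pct >= pct_cut:
        return "elevated"  # low absolute odds, but high relative to other CVEs
    return "routine"

def prioritize(findings, scores):
    rows = []
    for fid, component, cve in findings:
        score = scores.get(cve)
        rows.append((fid, cve, tier(score), score[0] if score else None))
    rows.sort(key=lambda r: (TIER_ORDER[r[2]], -(r[3] or 0.0)))
    return rows

if __name__ == "__main__":
    for row in prioritize(FINDINGS, load_epss(SAMPLE_EPSS_JSON)):
        print(*row)
```

Finding F-3 illustrates why both numbers matter: its 6.5% probability falls below the probability cut-off, but its percentile places it above most other scored CVEs, so it is ranked ahead of the routine findings.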
