Avatar for TLVCommunity Events
1 Went

AppSec Smackdown: Reachability or Exploitability – Which Wins?

Zoom
Past Event
About Event

The Reachability vs. Exploitability debate in the AppSec space has become nearly as central to security practitioners as the Multi vs. Monorepo in DevOps circles. But what does this actually mean? How can you combat the endless alerts and prioritize the actual security issues?!

Join Josh Grossman, CTO of Bounce Security and OWASP Israel Chapter leader, and Mic McCully, Director of Solution Engineering at Oligo Security, for a 30-minute webinar followed by a Q&A panel where they will dive into the challenge of verifying exploitability and reachability through common tools like Software Composition Analysis (SCA) and Static Application Security Testing (SAST).

The session will begin with a technical overview and discussion that will cover:

  • What has led the market to try to solve the reachability problem

  • The current state of the union for dealing with vulnerabilities:

    • Upgrading and moving on (if an upgrade exists)

    • Manually verifying exploitability

    • Doing nothing (an all-too-common approach)

We'll also rant a bit about the intensive nature of some of these options and the difficulties of the rest, including poor CVE descriptions, complex code tracing, and the ever-changing code base.

But stick around, as we’ll share novel solutions that are helping combat 80-90% of the noise through OSS tools like eBPF alongside commercial tools tackling real-time runtime security.

We’ll wrap up with a panel led by Sharone Zitzman, DevOps & Cloud Native TLV Community Lead, who will tap into their decades-long experience. Come armed with tough questions to get the answers you’re looking for on how to achieve the coverage you need for today’s multi-tier, cloud-native applications.
