Cloud-Native Application Protection Platforms (CNAPPs) combine tools that scan your code, check your open-source libraries, protect your cloud workloads, and monitor your cloud configurations. But CNAPPs aren’t a silver bullet. They lack external active testing and blackbox cloud asset discovery, two capabilities whose absence can leave exploitable vulnerabilities undetected.
CNAPPs depend on APIs and deployment hooks to see what’s running. But if a cloud resource or app isn’t in the right account, or is spun up in an unsanctioned cloud, CNAPPs won’t detect it, leaving it exposed and unprotected.
Active testing in AppSec, known as dynamic application security testing (DAST), is essential for catching what static-based tools miss. Many of the OWASP Top 10 risks, such as SQL injection, broken authentication, and XSS, can’t be reliably found without actively testing the live production application.
These aren’t just technical gaps; they’re blind spots that attackers look for. Closing them is key to achieving full visibility and protection across the DevSecOps lifecycle.
We’re excited to partner with Wiz to deliver blackbox cloud asset discovery and active testing. With the broader visibility and deeper cloud security insight provided by CyCognito, Wiz teams have the context they need to act faster and more confidently.
While CNAPPs monitor internal resources effectively, they can struggle with an organization’s external attack surface due to their reliance on known assets, configurations, and cloud APIs. Anything not explicitly deployed or integrated, such as shadow IT or exposed, unmanaged apps, often goes unseen, leaving gaps where issues can appear.
CyCognito’s seedless discovery autonomously seeks out externally exposed assets across the global organization, including:
CyCognito provides Wiz users with a complete inventory of externally exposed assets and asset context.
CNAPPs are excellent at identifying issues during development and at providing runtime protection after deployment. But actively testing exposed production systems is complex work and outside their scope.
CyCognito provides over 80,000 tests, including DAST for web apps. It identifies OWASP Top 10 risks such as broken access control (A01) and authentication failures (A07). It also uncovers issues such as sensitive data exposure and security header misconfiguration.
By adding active test results to Wiz findings, CyCognito helps teams prioritize based on actual exposure, not just theoretical risk. This leads to smarter remediation, ensuring teams focus on what’s truly exploitable and urgent.
The integration is operationally seamless for Wiz users. Once CyCognito is added as an integration in the Wiz console (settings → integrations), test results and asset information flow automatically between platforms (Figure 1).
Figure 1. CyCognito runs active security tests on assets imported from Wiz
First, CyCognito retrieves Wiz’s asset inventory. Second, CyCognito gathers over 200 data points including attribution information, port status, and business purpose for every exposed asset. Third, CyCognito runs passive and active tests, such as DAST for web apps. And fourth, CyCognito delivers test and context data back to Wiz, along with issue details, remediation information, severity, and more.
A tier 1 security analyst using Wiz to investigate a new issue may follow this workflow:
Figure 2. CyCognito test results delivered to Wiz vulnerability findings
Figure 3. CyCognito test results visible in Wiz security graph
Figure 4. Detailed CyCognito test results in Wiz
Through this partnership, CyCognito equips DevSecOps teams with end-to-end coverage, from pre-production risk insight to runtime protection and active security testing (Figure 5).
Figure 5. CyCognito provides blackbox asset discovery and DAST to Wiz
Wiz identifies vulnerabilities during development and protects what you’ve deployed, and CyCognito shows all exposed assets and whether they are actually vulnerable in production.
The CyCognito + Wiz integration helps achieve this by:
Visit our solutions page to see how CyCognito enhances CNAPP coverage.
Want to see it in action? Request a demo and explore how CyCognito enhances your CNAPP strategy with outside-in asset discovery and dynamic application security testing!
Jason Pappalexis has worked in cybersecurity for nearly two decades, holding roles across government security administration, third-party testing, solutions architecture, product management, and technical product marketing.