By providing full context around both the application and the development environment, Legit’s ASPM platform empowers CISOs and their teams to find, fix, and prevent the application vulnerabilities driving the greatest business risk.
The release of Legit context follows on the January 2025 release of root cause remediation, which enables customers to take one practical remediation step to address multiple AppSec issues.
“Organizations are challenged by an overwhelming number of vulnerabilities and very little actionable data on their actual exploitability and impact,” said Liav Caspi, co-founder and CTO, Legit Security. “The reality is that simple risk scoring or relying on CVSS scores alone only goes so far, and teams lack real-time context to help them in everyday decision-making. Without a deep understanding of the application, they are left with a lot of useless noise. Our new ASPM capabilities, assisted by AI, provide the context, visualization, and actionable data so that organizations can move fast knowing they are focusing on the right risks.”
Connecting the dots to drive prioritization based on true business impact
Developers and security teams spend significant time attempting to triage and fix vulnerabilities, but often lack insights into their business impact and exploitability. For instance, is a vulnerability a major problem simply because it has a high CVSS score, or are there additional factors, such as Internet exposure, presence of sensitive data, GenAI use, or external services, impacting risk? In other cases, issues can breach compliance or be part of mission-critical APIs.
Organizations often miss true business-critical risk and spend time escalating the wrong risk, which increases the strain on development teams, is costly, and slows down innovation.
Legit context provides organizations with the full picture by building an application catalog with context, such as use of sensitive data (e.g., PII, PHI), APIs, Internet exposure, GenAI use, compliance implications, and the overall role of the application for the business. As a result, security and development teams gain the insights they need to confidently prioritize – and deprioritize – remediation efforts. And all insights are delivered automatically by our AI-native, deep code-to-cloud analysis.
Key features and benefits include:
- Auto context detection: Analyze the context of an application to determine the overall business impact
- Deep code-to-cloud scanning: Understand the full picture by bringing together hard-to-connect data points, such as Internet exposure, API exposure, cloud deployment, handling of sensitive data, use of AI/LLMs, and revenue and business impact of the application
- Application bill-of-materials: Generate a complete and continuously updating inventory of APIs, data stores, external services, AI models, services, and other application components that drive security impact. Export and manage them in a centralized tool and enrich existing CMDBs and application catalogs
- Vulnerability risk scoring and prioritization: Focus on vulnerabilities with the greatest business impact, and access all data to customize workflows and prioritization decisions
In addition to the new context capabilities, Legit also announced:
- Application API discovery: Benefit from a central place to see and manage all APIs and identify any changes that may create application risk. Legit can identify all APIs used by an application, plus analyze security issues such as authentication and authorization, Internet exposure, and additional controls
With Legit’s new capabilities, organizations gain a complete view of application risk, the context to both prioritize and remediate, and the ability to orchestrate DevSecOps processes to prevent issues in the future.