Backslash AppSec offers LLM-powered remediation guidance

News emanating out of the tech start-up haven that is the modern Holy Land this month sees Backslash Security drive its ‘deep reachability analysis’ AppSec technology forward with a service known as Fix Simulation that comes with AI-powered Attack Path Remediation (APR) capabilities.

The new features are supposed to equip security teams and developers with enhanced remediation guidance that is safe, secure and relevant to the context of the given application.

Fix Simulation addresses what its makers highlight as a ‘pervasive pain point’ faced by AppSec teams and developers: any version upgrade can introduce new risks due to unforeseen code dependencies, undoing progress already made and placing teams back at square one.

Backslash Fix Simulation addresses this issue by simulating multiple fix options and demonstrating the resulting security posture for each one. 

This enables developers to save time, choose the best option while taking multiple considerations into account (including those unrelated to security) and avoid introducing new risks while addressing security issues.

Attack Path Remediation 

The above-noted Attack Path Remediation technology integrates with LLMs to give developers contextual guidance on code vulnerability remediation, while ensuring source code stays confidential. 

Drawing from the contextual insight generated via Backslash reachability analysis, the platform produces secure remediation guidance. By using code metadata from Backslash scans, such as technology stacks and frameworks, without sharing any code snippets, organisations can use LLM technology while protecting against data leaks and maintaining code privacy.

“We finished the first half of the year with a record number of new customers. This reinforced our belief that it’s critical not only to focus the AppSec team on what really matters, but also to simplify the process of fixing the issues found,” said Yossi Pik, co-founder and CTO of Backslash Security. “To address this need, we developed new remediation capabilities that ensure vulnerabilities are identified, prioritized, and fixed promptly, closing the loop with tailored, context-rich recommendations. It’s like having an insider provide fix suggestions, streamlining the process for security and development teams.”

These new capabilities align with CISA’s Secure by Design Pledge requirements, providing organisations with a framework for maintaining security throughout the software development lifecycle. 

Backslash says it simplifies security integration into the development process, ensuring vulnerabilities are caught early and thus reducing entire classes of vulnerabilities.

A free trial is available with full access to the Backslash platform via a pre-configured demo environment that includes SAST, SCA, phantom packages, VEX, SBOM, secrets etc.