A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.
More Posts by Dan Cornell
September 25, 2020
OWASP Amass is a great tool for asset discovery and enterprise attack surface mapping. It pulls data from a number of different data sources and identifies potential hosts and applications associated with organizations, domains, IP CIDRs and other identifiers. As...
September 18, 2020
Asset management is a serious issue across the information security space. A very common challenge we see for organizations running an application security program is just getting an idea of what applications they have available and what infrastructure has...
July 14, 2020
This blog has been updated with new information for 2020. Do your best Excel users work in application security? Are you trying to manage thousands of vulnerabilities across hundreds of applications in an increasingly elaborate series of Excel spreadsheets? Most...
April 28, 2020
Modern enterprises are distributed. Most ThreadFix deployments have stakeholders spanning development and security teams and those team members are spread around the globe. To support these distributed organizations, ThreadFix has a number of collaboration features that make teams more efficient...
April 22, 2020
Modern enterprises are distributed. Most ThreadFix deployments have stakeholders spanning development and security teams and those team members are spread around the globe. To support these distributed organizations, ThreadFix has a number of collaboration features that make teams more efficient...
March 27, 2020
One of the most valuable things about ThreadFix is that it centralizes the results of all your testing, assurance, and remediation activities so you no longer have separate silos of data. This is really valuable from a reporting standpoint. If...
March 5, 2020
As we talked about in an earlier blog post, secure coding training for developers can be expensive. Knowledgeable individuals who are adept at training are relatively rare. Quality training materials are expensive to develop and maintain. For these reasons, solid...
February 20, 2020
In Part 1 of this blog post, we looked at the concept of “firing bullets and then cannonballs” that comes from the book Great By Choice by Jim Collins and Morten T. Hansen. The idea works a little like this:...
February 11, 2020
The concept of “firing bullets and then cannonballs” comes from the book Great By Choice by Jim Collins and Morten T. Hansen. The idea works a little like this: first fire your “bullets” – low-cost, low-risk, low-distraction experiments to figure...
July 22, 2019
The major push that went into the 2.7.5 ThreadFix development effort was to increase performance and scalability. As ThreadFix deployments have become larger and as the shift to DevOps means that test results are coming more frequently, we needed to...
March 7, 2019
In our previous post, we teased some of the new capabilities and updates coming with the release of ThreadFix 3.0. Dan provided some technical details about what we’ve been doing under the hood; now that the launch is officially here, let’s take a...
November 8, 2018
Hot on the heels of ThreadFix 2.7 and the two patents on our Hybrid Analysis Mapping technology, the 3.0 release of ThreadFix is planned for early Q1 2019 – just in time for RSAC 2019! So what’s actually new in...