Author Archives: Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.

More Posts by Dan Cornell

HaaM: HAM as a Module

ThreadFix has several modules, including one for Hybrid Analysis Mapping. Using HAM as a module provides us a good degree of flexibility in several areas: 1. Decoupling data types from ThreadFix allows database-free unit testing 2. The module can be... Read more…

ThreadFix, Sonar and Hibernate Java Annotations

SonarQube is “an open platform to manage code quality.” As security is certainly an aspect of code quality, we wrote a Sonar plugin to allow Sonar users to view ThreadFix security issues alongside results from other Sonar sensors. See Everything... Read more…

Blending Automated and Manual Testing – AppSec USA 2015

DevOps puts an intense focus on automation – taking humans out of the loop whenever possible to allow frequent, incremental updates to production systems. However, thorough application testing often has multiple components – much of this can be automated, but... Read more…

Analyzing Hybrid Analysis Mapping (HAM) – Part 2

As part 2 of the Analyzing HAM series, this week I’ll try to summarize the main strategy behind HAM. Or, as one ThreadFix developer once referred to the HAM system, the Matrix. The... Read more…

Analyzing Hybrid Analysis Mapping (HAM) – Part 1

This post will start a new series on ThreadFix’s Hybrid Analysis Mapping (HAM) library. Today I’ll cover the background on the SBIR contract, why ThreadFix was a good candidate for the program, and why HAM tastes so good in sandwiches.... Read more…

Secure DevOps with ThreadFix 2.3

Thanks to everyone who attended our Secure DevOps with ThreadFix 2.3 webinar today and thanks to all the great ThreadFix contributors who help make it possible. Hopefully folks enjoyed the presentation, and I certainly enjoyed all the Q&A. An expanded... Read more…

ThreadFix 2.2.7.1 Release

The ThreadFix team has been hard at work to bring you the best of their efforts and those of the community via the ThreadFix Community Edition for application vulnerability management. We are excited to announce that the latest version is... Read more…

ThreadFix 2.2.8 Release

The ThreadFix team has been hard at work to bring you the best of their efforts and those of the community via the ThreadFix Community Edition. We’d particularly like to thank Pearson Education for their contributions to the 2.2.8 features.... Read more…