Author Archives: John Dickson


John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd, the parent company of ThreadFix. He has more than 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSOs) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.

More Posts by John Dickson

Managing Application Vulnerabilities Manually?

How to Identify That You Have a Problem: In spite of the fact that automation and application vulnerability resolution platforms like ThreadFix have existed for a decent length of time, we continue to see organizations that try to muscle ahead... Read more…

How the ThreadFix Team Uses Docker for QA and Support

The members of the ThreadFix team have often found themselves face-to-face with a fairly universal need across software groups: to quickly access running application instances. This need applies to groups from developers to support engineers to quality assurance personnel. It... Read more…

Automated Testing for the ThreadFix CLI

The Task: ThreadFix offers a command line interface jar to create teams, add applications, assign tags, search for vulnerabilities, and much, much more from the shell or command prompt. The number of actions available in the CLI has grown over... Read more…

HaaM: HAM as a Module

ThreadFix has several modules, including one for Hybrid Analysis Mapping. Using HAM as a module provides us a good degree of flexibility in several areas: 1. Decoupling data types from ThreadFix allows database-free unit testing 2. The module can be... Read more…

Analyzing Hybrid Analysis Mapping (HAM) – Part 2

As part 2 of the Analyzing HAM series, this week I’ll try to summarize the main strategy behind HAM. Or, as one ThreadFix developer once referred to the HAM system, the Matrix. (Image caption: Wake up, HAM data.) The... Read more…

Analyzing Hybrid Analysis Mapping (HAM) – Part 1

This post will start a new series on ThreadFix’s Hybrid Analysis Mapping (HAM) library. Today I’ll cover the background on the SBIR contract, why ThreadFix was a good candidate for the program, and why HAM tastes so good in sandwiches.... Read more…

Dogfooding ThreadFix: Part 1 – Application Layout

This is the first in a series of blog posts discussing how Denim Group has integrated software security into the ThreadFix development lifecycle and, specifically, how we use ThreadFix in this process. The goal is to shine a light on... Read more…