Blog Archives

Applied ThreadFix: Fire Bullets, Then Cannonballs – AppSec Edition

The concept of “firing bullets and then cannonballs” comes from the book Great By Choice by Jim Collins and Morten T. Hansen. The idea works a little like this: first fire your “bullets” – low-cost, low-risk, low-distraction experiments to figure out what will work. This allows you to calibrate what you ultimately want to do […]

Managing Web Application Security

Web application scanners using dynamic application security testing (DAST) methods are ideal for identifying common vulnerabilities such as cross-site scripting, SQL injection, command execution and more. When used in conjunction with whitebox static application security testing (SAST) results that identify vulnerabilities in the application’s source code, security teams and developers can identify exploitable flaws earlier in […]

Managing Application Vulnerabilities Manually?

How to Identify that you have a Problem In spite of the fact that automation and application vulnerability resolution platforms like ThreadFix have existed for a decent length of time, we continue to see organizations that try to muscle ahead with their existing manual processes. We continue to be surprised that organizations manage their application […]