My apologies – it has been a little bit since our last update, but today we pushed out Beta15. Improvements in this release include:
- An updated Fortify importer that uses SAX parsing for better memory and speed efficiency has been included in the main codebase. Check it out, feed some big FPR files to it and let us know how it does for you.
- An updated Acunetix importer that addresses a couple of issues and includes new vulnerabilities they’ve added in recent releases. (I also wanted to extend a big “thank you” to the Acunetix folks for their help tuning and improving our importer.)
- Various bug fixes (keep an eye on the Google Code bug tracker for the current list of open issues)
Also for those of you who are attending AppSecEU in Athens next month, I’ll be giving a training course on running a software security program based on Open Source tools. We’ll be looking at a lot of the features of ThreadFix as well as how ThreadFix can be used with tools like OWASP ZAProxy, mod_security and w3af.
dan _at_ denimgroup.com