ThreadFix Thursday: Beta15, Updated Importers and Bugfixes

My apologies – it has been a little bit since our last update, but today we pushed out Beta15. Improvements in this release include:
  • An updated Fortify importer that uses SAX parsing for better memory and speed efficiency has been included in the main codebase. Check it out, feed some big FPR files to it and let us know how it does for you.
  • An updated Acunetix importer that addresses a couple of issues and includes new vulnerabilities they’ve added in recent releases. (I also wanted to extend a big “thank you” to the Acunetix folks for their help tuning and improving our importer.)
  • Various bug fixes (keep an eye on the Google Code bug tracker for the current list of open issues)
Also for those of you who are attending AppSecEU in Athens next month, I’ll be giving a training course on running a software security program based on Open Source tools. We’ll be looking at a lot of the features of ThreadFix as well as how ThreadFix can be used with tools like OWASP ZAProxy, mod_security and w3af.

Posted via email from Denim Group’s Posterous

About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.