Lots of exciting stuff going on in ThreadFix-land:
- ThreadFix was selected to present at BlackHat Arsenal! We are really excited to have this opportunity to show ThreadFix to the security community and hear feedback. If you’re going to be at BlackHat later this month drop by our table at the Arsenal – we’ll be at Pod 3 from 10:15 through 11:15. If you can’t make it by the Arsenal get in touch and we can arrange a private demo.
- Josh Sokol and I will be giving a talk at BSides Las Vegas this year about “Symbiotic Security.” We will be using ThreadFix to demonstrate integrating web application scanners with web application firewalls (virtual patching). Scheduling details are still being worked out and we will get those posted here once they are available.
- Beta17 has been pushed out to the Google Code site including updates OWASP ZAP importer to handle newer result files, a major overhaul of the Bugzilla integration, and the long-requested ability to delete scans.
- We didn’t do a blog post about it, but Beta16 got pushed out about a week and a half ago, and it included updates to the virtual patch generation for F5 ASM and Deny All.
- We’re starting to make some updates to the toolchain we use to build, test and deploy ThreadFix. We’ll be getting these moved into the Google Code git repository and the first thing we’ve pushed is a Fabric script that builds ThreadFix and upgrades a pre-installed server. More to come.
dan _at_ denimgroup.com