ThreadFix Thursday: Beta17, BlackHat Arsenal, BSidesLV and More

Lots of exciting stuff going on in ThreadFix-land:
  • ThreadFix was selected to present at BlackHat Arsenal! We are really excited to have this opportunity to show ThreadFix to the security community and hear feedback. If you’re going to be at BlackHat later this month drop by our table at the Arsenal – we’ll be at Pod 3 from 10:15 through 11:15. If you can’t make it by the Arsenal get in touch and we can arrange a private demo.
  • Josh Sokol and I will be giving a talk at BSides Las Vegas this year about “Symbiotic Security.” We will be using ThreadFix to demonstrate integrating web application scanners with web application firewalls (virtual patching). Scheduling details are still being worked out and we will get those posted here once they are available.
  • Beta17 has been pushed out to the Google Code site including updates OWASP ZAP importer to handle newer result files, a major overhaul of the Bugzilla integration, and the long-requested ability to delete scans.
  • We didn’t do a blog post about it, but Beta16 got pushed out about a week and a half ago, and it included updates to the virtual patch generation for F5 ASM and Deny All.
  • We’re starting to make some updates to the toolchain we use to build, test and deploy ThreadFix. We’ll be getting these moved into the Google Code git repository and the first thing we’ve pushed is a Fabric script that builds ThreadFix and upgrades a pre-installed server. More to come.
Contact us if you are interested in learning more about ThreadFix.

Posted via email from Denim Group’s Posterous

About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.