ThreadFix Thursday: Improved WAF Support, Command-Line Client, Portuguese Coverage


It has been a busy two weeks working on ThreadFix:

  • We’ve added Spanish to the list of languages where we’ve seen ThreadFix coverage. This article on talks about ThreadFix. I believe it is mostly a translation of the @PenTestIT coverage from a week or so ago. Bueno! [UPDATE: It’s been pointed out to us that the article is actually in Portuguese. Optimo!]
  • We have a number of updates rolled into an updated build (beta8). This includes a couple of bug fixes and UI enhancements as well as some new functionality I’ll detail below.
  • We’ve done a lot of work on WAF support and have added (very early alpha) support for a couple of new commercial WAFs. Look for an upcoming post detailing our test lab environment as well as new supported platforms. We’re really excited about our universal virtual patching support and we see this as a great way to get software security teams working more closely with security operations teams. More to come!
  • We have also started creating a command-line client to make it easier to integrate ThreadFix into software builds as well as other processes. We’ve had a REST API for some time, but the Java-based command-line client should make it even easier to automate different ThreadFix capabilities such as uploading scan results.

So we are still plugging along. Please keep testing and sending bugs and feedback. Contact us if you have any questions or comments.


dan _at_


Posted via email from Denim Group’s Posterous

About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.