It has been a busy two weeks working on ThreadFix:
- We’ve added Spanish to the list of language where we’ve seen ThreadFix coverage. This article on Under-Linux.org talks about ThreadFix. I believe it is mostly a translation of the @PenTestIT coverage from a week or so ago. Bueno! [UPDATE: Actually, it’s been pointed out to us that the article is actually in Portuguese. Optimo!]
- We have a number of updates rolled into an updated build (beta8) This includes a couple of bugfixes and UI enhancements as well as some new functionality I’ll detail below.
- We’ve done a lot of work on WAF support and have added (very early alpha) support for a couple of new commercial WAFs. Look for an upcoming post detailing our test lab environment as well as new supported platforms. We’re really excited about our universal virtual patching support and we see this as a great way to get software security teams working more closely with security operations teams. More to come!
- We also have started creating a command-line client to make it easier to integrate ThreadFix into software builds as well as other processes. We’ve had a REST API for some time, but the Java-based command-line client should make it even easier to automate different ThreadFix capabilities such as uploading scan results.
dan _at_ denimgroup.com