Originally released in 2012, ThreadFix was one of the first products in the industry to provide a comprehensive and easy-to-understand view of the state of an organization's software security. By aggregating multiple vulnerability test results into a centralized platform, ThreadFix automates the prioritization of the application's vulnerabilities into a unified list that application security managers can further prioritize via a centralized dashboard. As the development team resolves defects, status updates are synchronized within ThreadFix, enabling the security team to schedule follow-up testing to confirm that security holes have indeed been closed. This can transform the application remediation process by improving and simplifying the collaboration between security and development teams.
HYBRID ANALYSIS MAPPING
ThreadFix 2.0 was enhanced with the support of a
PINPOINTS CODE DEFECT LOCATION FROM DYNAMIC SCANS
ThreadFix 2.0 can now take dynamic scanner reports and pinpoint exactly where vulnerabilities exist in application source code. To do this, ThreadFix leverages the application attack models that the newly created Hybrid Analysis Mapping engine is now able to create, and maps those vulnerabilities back to the source code. ThreadFix 2.0 can also export this code data into the developer's Eclipse or IntelliJ Integrated Development Environment (IDE), which eliminates the vast amount of time previously spent manually searching for the offending line of code. ThreadFix provides contextually relevant information as to exactly where the problem resides and what the problem is. By delivering this data when the developers are coding in their code editor, the time-to-fix for each vulnerability can be shortened dramatically.
"The ability to identify the line of code associated with dynamic testing is huge," said
MAKES DYNAMIC SCANNERS EVEN SMARTER
Another technology breakthrough that resulted from the Hybrid Analysis Mapping research improves the efficacy of dynamic scanners by identifying specific vulnerabilities which are not typically found by standard dynamic scanning crawls. The ThreadFix 2.0 platform accomplishes this by conducting a lightweight scan of an application's source code to enumerate an application's complete attack surface. The platform then exports the results of the scan back to the dynamic scanner, enabling that scanner to test "hidden" web pages and additional HTTP parameters that might have been missed in a typical dynamic scan. This new feature enables ThreadFix to improve the intelligence of dynamic scanners by feeding the scanner with additional threat model data, which in turn enables more comprehensive scans.
"Hybrid Analysis Mapping technology can accelerate the discovery, identification and remediation of application vulnerabilities in order to better protect the software systems that power our nation's critical infrastructure and e-commerce industries," said
ThreadFix 2.0 also offers another substantial new feature in the Enterprise edition, which provides dynamic scan orchestration capabilities. By offering a central facility that can store scan configurations for a variety of vendor scanner technologies, ThreadFix enables application security professionals to schedule software testing using multiple dynamic scanners without the need for human intervention at every step of the process. This new scan orchestration capability empowers companies to scale the dynamic testing of more web applications, making it possible to automate the inspection of a company's entire portfolio of applications for the first time in the industry. It will also enable inspections to take place on a more frequent and recurring basis.
THREADFIX 2.0 ENTERPRISE EDITION
To respond to customer demand, ThreadFix 2.0 Enterprise Edition is also now available. ThreadFix Enterprise Edition offers enhanced features for multi-user deployments in large organizations such as LDAP (Lightweight Directory Access Protocol) and AD (Active Directory) integration, as well as role-based access control to enforce separation of duties within organizations. ThreadFix 2.0 Enterprise Edition also provides enhanced vulnerability reporting to address specific compliance requirements and offers additional tech support. ThreadFix Community Edition, which is typically used by companies that have just a few applications under development, will remain an open source project and can be downloaded at http://www.threadfix.org/download. To learn more, visit http://www.threadfix.org or contact
ABOUT DENIM GROUP
Read the full story at http://www.prweb.com/releases/2014/05/prweb11823235.htm