OWASP Phoenix: Using ThreadFix to Manage Application Vulnerabilities


I’ll be in Phoenix next week on Tuesday February 5th, 2013 speaking to the Phoenix OWASP chapter about ThreadFix.

Title: Using ThreadFix to Manage Application Vulnerabilities

Abstract:

ThreadFix is an open source software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. It imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows organizations to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. This presentation will walk through the major functionality in ThreadFix and describe several common use cases such as merging the results of multiple open source and commercial scanning tools and services. It will also demonstrate how ThreadFix can be used to track the results of scanning over time and gauge the effectiveness of different scanning techniques and technologies. Finally it will provide examples of how tracking assurance activities across an organization’s application portfolio can help the organization optimize remediation activities to best address risks associated with vulnerable software.

The meeting will be held from 6:30 – 7:30pm at the University of Advancing Technology, 2625 W. BASELINE RD. TEMPE, AZ 85283-1056. For more information, check out the main OWASP Phoenix site.

Contact us for help running your software security program on ThreadFix.

–Dan

dan _at_ denimgroup.com

@danielcornell

About dancornell

Dan Cornell has over fifteen years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader. Dan has spoken at such international conferences as RSA, ROOTs in Norway and OWASP AppSec EU.
