Denim Group Blog

HotSpot: Finding Vulnerabilities in Shared Internally-Developed Code

  We recently announced the release of ThreadFix 2.4 which includes our patent-pending HotSpot technology that identifies where internal teams are sharing code among themselves and where that code has vulnerabilities. Similar to what solutions like BlackDuck, Sonatype, and OWASP Dependency Check do for vulnerabilities in known open source components – but for code developed […]

Tis the Season for Security Predictions

Each year across the country, right after Thanksgiving, a curious thing occurs at many technology vendors. Marketing professionals reach out to their company thought leaders to let them know that it’s time to produce a prediction report. Shortly thereafter, collective eyes are rolling and groans accompany candid statements, such as “I have nothing new or […]

Effective Application Security Testing in DevOps Pipelines

Introduction Businesses and development teams are rushing to embrace DevOps so they can be more agile, deploy code more quickly, and provide more value to their customers. Hallmarks of DevOps initiatives are support for significant automation, flexible provisioning, and cultural support for shared responsibilities. This often makes security teams uncomfortable, and they find themselves on […]

Black Friday Security Checklist for Retail Companies

If you’re lucky enough to work at a retail company, the next several weeks of holiday shopping may be the difference between a financially successful or unsuccessful year. As buyers, we’re all too familiar with the holiday shopping season, regardless of whether we either choose to buy our gifts from Amazon and other online retailers, […]

The Need for Speed: Application Security in a DevOps World

Over the summer, I had the opportunity to present at the RSA Asia Pacific & Japan Conference on the topic of DevOps and security. In the last 6-12 months, and especially in the time since submitting this topic, we’ve seen the accelerated rise of DevOps. The challenge is that we haven’t solved the problem of […]

Bringing Sanity to BlackHat Week – A Survival Guide for First-Timers

Ahhhhh. BlackHat Eve. That week before Black Hat where overworked security folks all over the world attempt to clear out their email inboxes prior to jetting out to Las Vegas for a week in enclosed conference centers with thousands of other like-minded security nerds. But when we talk about Black Hat as a singular event […]