Yearly Archives: 2013

How much time does application security remediation take?

This is almost entirely dependent on an organization’s staff availability and the severity and scope of the vulnerabilities identified. Depending on the organization, remediation efforts can take anywhere from one to two months to over a year. Denim Group typically recommends a phased, risk-based approach to remediation where serious vulnerabilities that are comparatively easy to […]

Let’s Talk About Application Attack Surface

Have you ever wondered about your application’s attack surface? What URLs will respond to requests? And what HTTP methods will they respond to? And what parameters can be passed in? You probably think you know what is exposed but do you really? Why is this something you should even care about? I’d suggest a couple of reasons: […]

ThreadFix 1.2 Released

The ThreadFix development team has been hard at work since our last official product release (v1.1) in March. We are excited to announce that 1.2 official is available for download. Please download and test drive today! Again, we encourage any and all feedback. Please report any bugs you might find (or cool feature requests) into […]

Asymmetric-Key Algorithms vs Symmetric-Key Algorithms

Asymmetric-key algorithms and symmetric-key algorithms are basic forms of cryptography. Symmetric-Key Algorithms: The symmetry of the algorithm comes from the fact that both parties involved share the same key for both encryption and decryption. It works similarly to a physical door where everyone uses a copy of the same key to both lock and unlock […]

ThreadFix 1.2 RC3 Now Available

The ThreadFix product development team has been hard at work since our ThreadFix 1.2 RC2 release in late July, and today we’ve made a third 1.2 Release Candidate available for users and organizations to download and put through its paces. This update includes some great new features like: file attachments, severity filtering, support for Dependency […]

Press Coverage of ThreadFix and Hybrid Analysis Mapping (HAM)

We recently announced the SBIR Phase 1 contract we won with the Department of Homeland Security (DHS) to do research into Hybrid Analysis Mapping (HAM). This research is investigating better ways to integrate the results of static and dynamic security scanning tools and we are in the process of integrating this research into the ThreadFix […]