Yearly Archives: 2015

Texas Tribune’s Symposium on Cybersecurity and Privacy

I had the unique opportunity last week to participate in a daylong policy discussion titled “A Symposium on Cybersecurity and Privacy: What the Public Sector Can Learn from the Private Sector” hosted by the Texas Tribune. The Texas Tribune is the only member-supported, digital-first, nonpartisan media organization that informs Texans — and engages with them […]

Webinar: How iOS and Android Handle Security

Today I delivered a webinar on mobile application security and, specifically, on how the iOS and Android platforms handle security. Slides and audio are online here: How iOS and Android Handle Security Webinar from Denim Group. The goal of the webinar was twofold: Educate developers on the security characteristics and capabilities of their chosen development […]

Regression Testing the ThreadFix CLI with JUnit Parameterized Tests

Many applications have some form of external API that allows users to call actions or return information from outside of the UI. As the functionality of an application grows, the number of available API calls will likely (and will hopefully) grow alongside it. With something like a REST API, unwanted changes could cause calls to […]

ThreadFix 2.3RC1 Now Available

We’re excited to have the first Release Candidate for the ThreadFix 2.3 development cycle now available. The team has been hard at work since the 2.2 release and we’re also thrilled to announce contributions from great organizations such as Samsung, Pearson Education, and VirtualForge. The ThreadFix Community has been a great force driving the product’s development […]

Automated Testing for the ThreadFix CLI

The Task: ThreadFix offers a command line interface jar to create teams, add applications, assign tags, search for vulnerabilities, and much, much more from the shell or command prompt. The number of actions available in the CLI has grown over time, and with the introduction of permissions-restricted API access, it has become less and less […]

Managing Code Repositories for ThreadFix Automated Builds & Tests

Automation is a big theme of ThreadFix’s QA strategy, and almost nowhere is that more apparent than in our workflow for SCM (“source code management” for the purposes of this post). Background: ThreadFix has three repositories that comprise the application itself: our public GitHub repository, and our two private repositories for code specific to ThreadFix […]