Dan Cornell

A globally recognized application security expert, Dan Cornell has over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.

Posts by Dan Cornell

HotSpot: Finding Vulnerabilities in Shared Internally-Developed Code

We recently announced the release of ThreadFix 2.4, which includes our patent-pending HotSpot technology that identifies where internal teams are sharing code among themselves and where that code has vulnerabilities. Similar to what solutions like BlackDuck, Sonatype, and OWASP Dependency Check do for vulnerabilities in known open source components – but for code developed […]

Effective Application Security Testing in DevOps Pipelines

Introduction: Businesses and development teams are rushing to embrace DevOps so they can be more agile, deploy code more quickly, and provide more value to their customers. Hallmarks of DevOps initiatives are support for significant automation, flexible provisioning, and cultural support for shared responsibilities. This often makes security teams uncomfortable, and they find themselves on […]

Webinar: ThreadFix 2.4 Maximizing the Impact of Your Application Security Resources

We ran a webinar for the upcoming ThreadFix 2.4 Enterprise release. Slides and a video recording of the webinar are available here: ThreadFix 2.4: Maximizing the Impact of Your Application Security Resources from Denim Group. There were a couple of items that came up during the presentation where I wanted to provide some additional detail and links […]

Cybersecurity: It’s All About the Coders (Thoughts on My TEDx Talk)

I recently gave a presentation at the TEDx San Antonio conference on March 5th, 2016, held at Rackspace Global Headquarters. This was a tremendous experience and I got to meet and share ideas with a bunch of great folks. Here’s a video of the talk: And here’s an interview I did with Jennifer Navarrete afterward […]

ThreadFix In Action: Discovering Your Organization’s Software Attack Surface (Web App Edition)

Many organizations use ThreadFix as the platform for running an application security program – tracking their application portfolio and getting their applications under a cycle of regular security testing. But before you can start getting applications under security management, you have to know about them and get them installed in the system. In this post, we look […]

Having Trouble Starting Your Application Security Program? Beat Up Your Vendors!

Starting an application security program can be very challenging. If you don’t know how to get started – or if you can’t seem to get any traction getting your organization to change its ways – consider changing your focus and instead beat up on your vendors. Why Is Application Security Hard? Creating an internal application […]