SAN ANTONIO–(BUSINESS WIRE)–Denim Group, the leading independent application security firm, today announced that the United States Patent and Trademark Office (USPTO) has awarded the company two patents which will provide a method of correlating and merging static application security testing (SAST) and dynamic application security testing (DAST) for web and mobile applications. The official name of the Hybrid Analysis Mapping (HAM) patents are as follows: Method of Correlating Static and Dynamic Application Security Testing Results for a Web Application (Patent #10,043,012) and Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application (Patent #10,043,004).
“By enabling organizations to more accurately correlate the results of static scans with dynamic scans and manage the data that is generated by their testing program more efficiently, we are delivering a significant breakthrough for today’s industry professionals in the application security space.”
The continued proliferation of websites, web applications, and mobile applications that handle sensitive data makes securing an organization’s application portfolio a major challenge. Effective application security programs utilize multiple types of analysis to test applications for security vulnerabilities, resulting in a high volume of data produced. This increased data can be valuable when it provides deeper insight into vulnerabilities; however, it can also make the problem of identifying areas of concern harder to manage by requiring further manual reviews by the analyst or highlighting large numbers of vulnerabilities and weaknesses that are of low value or priority. Without positive correlation of large data sets, the value of vulnerability data sets is diminished.
Denim Group has implemented the technology from these two Hybrid Analysis Mapping patents into their vulnerability resolution management platform, ThreadFix, in order to help organizations efficiently manage the large volume of data that is generated by an organization’s application security testing program. This technology makes ThreadFix the first platform able to correlate SAST and DAST results without requiring a runtime agent. As a result, organizations report a 71% success rate in matching SAST and DAST results and an average reduction of 15-35% in overall findings. ThreadFix improves the ability of the application development team to identify vulnerabilities found by both testing tools and prioritize them in order of degree to be addressed.
“We are honored to be awarded these two patents by the USPTO to help organizations more effectively manage their application security testing data,” said CTO of Denim Group, Dan Cornell. “By enabling organizations to more accurately correlate the results of static scans with dynamic scans and manage the data that is generated by their testing program more efficiently, we are delivering a significant breakthrough for today’s industry professionals in the application security space.”
About Denim Group
Denim Group is the leading independent application security firm, serving as a trusted advisor to customers on matters of application risk and security. The company helps organizations assess and mitigate application security risk. Denim Group’s flagship ThreadFix platform accelerates the process of application vulnerability remediation, reflecting the company’s rich understanding of what it takes to fix application vulnerabilities faster.