We’ve been heads-down working and haven’t had a chance to talk much about this, but Denim Group was awarded a SBIR Phase 2 contract to continue the development of the Hybrid Analysis Mapping (HAM) technology that we’ve been including in ThreadFix. (You can also check out what we did during SBIR Phase 1.) This technology allows us to merge SAST and DAST scan results and also supports some other exciting use cases like pre-seeding DAST scanners with attack surface data and mapping DAST results to specific lines of code in developer IDEs.
So – what new stuff should you expect in the coming months?
- Support for new languages and frameworks – specifically ASP.NET, ASP.NET MVC, Java/Struts, PHP and more
- An expanded attack surface model that takes into account authentication and authorization as well as additional application entry points
- A new IDE plugin for Microsoft Visual Studio
- Improved reporting in ThreadFix Community and ThreadFix Enterprise
If you have any questions about what we’re working on or if you are interested in early access to these technologies, please feel free to reach out.