ThreadFix 2.2M6 Now Available

threadfix

The ThreadFix team has been hard at work since our 2.1 release a couple of months back. We’ve added some development and QA muscle to the ThreadFix engineering team and we’re rolling toward a 2.2 final release – probably in about two months with a solid release candidate available 30 days prior.

We’ve been posting milestone builds along the way, but haven’t talked about them much so I wanted to get this blog post up with some details about what we’ve been working on. Here are the sorts of things you can expect from the upcoming ThreadFix 2.2 release that you can see now in the ThreadFix 2.2M6 build, now available online for download:

  • All the reporting and analytics have been redone in D3.js which allow for much more flexibility in creating and saving custom filters.  (They look way better than our previous reports.)
  • Initial support for importing results from IAST tools – specifically Contrast.
  • Application tagging – allows you to tag applications with various attributes for easier management and reporting (internal-facing versus external-facing, Java-based, mobile versus web, subject to PCI compliance, etc).
  • New reports such as the OWASP Top 10 report.
  • Hybrid Analysis Mapping (HAM) support now includes ASP.NET WebForms and ASP.NET MVC (for C#)
  • Lots of bug fixes, feature enhancements and general all-around cleanup.

We have a couple more tricks up our sleeve before the final 2.2 release, but there’s a lot of great stuff in this milestone build for folks to check out. So head on over to the ThreadFix downloads page.

If you run into any issues, please post them to our GitHub issue tracker or the ThreadFix Google Group and if you have any other questions, please contact us.

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Leave a Reply

Your email address will not be published. Required fields are marked *