Posts by Denim Group Team

Post: ThreadFix 2.7: Strengthening Your Security Profile with On-Demand Services

Now that ThreadFix 2.7 is available, we wanted to expand on our previous post with some more specifics of what all had been added to the platform for this release. Quick Check Assessments Delivered via ThreadFix ThreadFix has just increased your access to both capacity and expertise by putting Denim Group’s world class Application Testing […]

Webinar: Understanding IoT Security: How to Quantify Security Risk of IoT Technologies- Thank You

Thank you for your interest in Denim Group’s Webinar, “Understanding IoT Security: How to Quantify Security Risk of IoT Technologies.” You can view the webinar recording by clicking the link below. View Webinar Slides and Video Understanding IoT Security: How to Quantify Security Risk of IoT Technologies from Denim Group If you have any questions […]

Post: AppSec Concerns: UUID Generation

Background During static analysis, one of the things the application security team checks for is strong random number generation for security sensitive contexts. We see weaknesses in this space quite often for temporary passwords and session identifiers, but an increasingly common variant is for universally unique identifiers (UUIDs). The proposed UUID standard describes a UUID […]

Post: How the ThreadFix Team Uses Docker for QA and Support

The members of the ThreadFix team have often found themselves face-to-face with a fairly universal need across software groups: to quickly access running application instances. This need applies to groups from developers to support engineers to quality assurance personnel. It can require the latest and greatest code that developers have been working on or the […]

Post: Regression Testing the ThreadFix CLl with JUnit Parameterized Tests

Many applications have some form of external API that allows users to call actions or return information from outside of the UI. As the functionality of an application grows, the number of available API calls will likely (and will hopefully) grow alongside it. With something like a REST API, unwanted changes could cause calls to […]

Post: Automated Testing for the ThreadFix CLI

The Task ThreadFix offers a command line interface jar to create teams, add applications, assign tags, search for vulnerabilities, and much, much more from the shell or command prompt. The number of actions available in the CLI has grown over time, and with the introduction of permissions-restricted API access, it has become less and less […]