SlideShare a Scribd company logo

Optimize Your Security Program with ThreadFix 2.7

Denim Group
Denim Group

ThreadFix 2.7’s feature set represents the most significant expansion to the platform since ThreadFix was first released almost 10 years ago. This release bundles new application risk-ranking capabilities with the powerful addition to receive a 3rd party assessment for any application managed within ThreadFix. Join us to see how your team’s capacity and capabilities can be instantly expanded through on-demand application security assessments delivered directly into your ThreadFix instance, adding Denim Group’s nearly two decades of application security experience to your team anytime you need it.

Technology
1 of 30
Download to read offline
© 2018 Denim Group – All Rights Reserved Building a world where technology is trusted. Optimize Your Security Program with ThreadFix 2.7 Application Risk Management + On-Demand AppSec Assessments Dan Cornell | CTO Kyle Pippin | Product Manager
© 2018 Denim Group – All Rights Reserved ThreadFix Overview
© 2018 Denim Group – All Rights Reserved ThreadFix Overview • Consolidate Test Results • Manage Vulnerabilities • Gain Access to Powerful Analytics 2
© 2018 Denim Group – All Rights Reserved ThreadFix Overview 3
© 2018 Denim Group – All Rights Reserved Consolidate Test Results 4
© 2018 Denim Group – All Rights Reserved Application Security Testing • Application Security Testing • SAST, DAST, IAST • Software Composition Analysis (SCA) • Manual Testing • Code Reviews • Application Assessments • 3rd Party Testing 5
© 2018 Denim Group – All Rights Reserved Application Portfolio Tracking 6
© 2018 Denim Group – All Rights Reserved Test Result Consolidation 7
© 2018 Denim Group – All Rights Reserved Test Result Consolidation 8 • Typically see a 15-35% reduction in finding count • Includes technology from Denim Group patents: • US 10,043,012 Method of Correlating Static and Dynamic Application Security Testing Results for Web Applications • US 10,043,004 Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application
© 2018 Denim Group – All Rights Reserved Manage Vulnerabilities 9
© 2018 Denim Group – All Rights Reserved Vulnerability Prioritization 10
© 2018 Denim Group – All Rights Reserved HotSpot Technology 11 • Identify internally developed and shared code responsible for vulnerabilities • Includes technology from Denim Group patent US 10,116,681 Method of Detecting Shared Vulnerable Code
© 2018 Denim Group – All Rights Reserved Defect Tracker Integration 12
© 2018 Denim Group – All Rights Reserved Gain Access to Powerful Analytics 13
© 2018 Denim Group – All Rights Reserved Searching and Views 14
© 2018 Denim Group – All Rights Reserved Program Benchmarking 15
© 2018 Denim Group – All Rights Reserved Scanner Benchmarking 16
© 2018 Denim Group – All Rights Reserved ThreadFix 2.7
© 2018 Denim Group – All Rights Reserved ThreadFix 2.7 • Portfolio Risk Ranking • CVE Filtering • New Vulnerability Statuses • Assessment Delivery • Performance Enhancements 18
© 2018 Denim Group – All Rights Reserved Portfolio Risk Ranking 19
© 2018 Denim Group – All Rights Reserved CVE Filtering 20
© 2018 Denim Group – All Rights Reserved New Vulnerability Statuses 21
© 2018 Denim Group – All Rights Reserved Integrated Service Delivery • Make service requests from platform • Initial catalog of services: security testing / assessment • Future services: false positive culling, remediation triage • Receive and view results directly within platform • Load-balance between internal efforts/capabilities and Denim Group’s resources 22
© 2018 Denim Group – All Rights Reserved Assessment Delivery 23
© 2018 Denim Group – All Rights Reserved Make Service Requests From Platform 24
© 2018 Denim Group – All Rights Reserved View Results Within Platform 25
© 2018 Denim Group – All Rights Reserved ThreadFix 3.0 Preview
© 2018 Denim Group – All Rights Reserved Unified Vulnerability Management 27
© 2018 Denim Group – All Rights Reserved References ThreadFix Web Site ThreadFix 2.7 blog post ThreadFix 3.0 preview blog post Hybrid Analysis Mapping patents release HotSpot patent release 28
© 2018 Denim Group – All Rights Reserved Building a world where technology is trusted. @denimgroup www.denimgroup.com 29 dan@denimgroup.com kyle@denimgroup.com

Recommended

What is new in codeBeamer 7.9
What is new in codeBeamer 7.9What is new in codeBeamer 7.9
What is new in codeBeamer 7.9Intland Software GmbH
 
CCXG Global Forum October 2018 Summary Slides Breakout Groups A and D
CCXG Global Forum October 2018 Summary Slides Breakout Groups A and DCCXG Global Forum October 2018 Summary Slides Breakout Groups A and D
CCXG Global Forum October 2018 Summary Slides Breakout Groups A and DOECD Environment
 
Stefan Aria Certificate
Stefan Aria CertificateStefan Aria Certificate
Stefan Aria CertificateStefan Viljoen
 
Risk Management Vendor Briefing
Risk Management Vendor BriefingRisk Management Vendor Briefing
Risk Management Vendor BriefingInflectra
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
Reducing Attack Surface in Budget Constrained Environments
Reducing Attack Surface in Budget Constrained EnvironmentsReducing Attack Surface in Budget Constrained Environments
Reducing Attack Surface in Budget Constrained EnvironmentsDenim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 

Recommended

What is new in codeBeamer 7.9
What is new in codeBeamer 7.9What is new in codeBeamer 7.9
What is new in codeBeamer 7.9Intland Software GmbH
 
CCXG Global Forum October 2018 Summary Slides Breakout Groups A and D
CCXG Global Forum October 2018 Summary Slides Breakout Groups A and DCCXG Global Forum October 2018 Summary Slides Breakout Groups A and D
CCXG Global Forum October 2018 Summary Slides Breakout Groups A and DOECD Environment
 
Stefan Aria Certificate
Stefan Aria CertificateStefan Aria Certificate
Stefan Aria CertificateStefan Viljoen
 
Risk Management Vendor Briefing
Risk Management Vendor BriefingRisk Management Vendor Briefing
Risk Management Vendor BriefingInflectra
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
Reducing Attack Surface in Budget Constrained Environments
Reducing Attack Surface in Budget Constrained EnvironmentsReducing Attack Surface in Budget Constrained Environments
Reducing Attack Surface in Budget Constrained EnvironmentsDenim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Denim Group
 
Running a Comprehensive Application Security Program with Checkmarx and Threa...
Running a Comprehensive Application Security Program with Checkmarx and Threa...Running a Comprehensive Application Security Program with Checkmarx and Threa...
Running a Comprehensive Application Security Program with Checkmarx and Threa...Denim Group
 
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Capgemini
 
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Capgemini
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 
Elevate Your Application Security Program with Burp Suite and ThreadFix
Elevate Your Application Security Program with Burp Suite and ThreadFix Elevate Your Application Security Program with Burp Suite and ThreadFix
Elevate Your Application Security Program with Burp Suite and ThreadFix Denim Group
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
ThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
ThreadFix 2.4: Maximizing the Impact of Your Application Security ResourcesThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
ThreadFix 2.4: Maximizing the Impact of Your Application Security ResourcesDenim Group
 
Integrated Agile and DevOps: DevOps 2.0 and Beyond
Integrated Agile and DevOps: DevOps 2.0 and BeyondIntegrated Agile and DevOps: DevOps 2.0 and Beyond
Integrated Agile and DevOps: DevOps 2.0 and BeyondDevOps.com
 
Structuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramStructuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramDenim Group
 
Enabling Agility Through DevOps
Enabling Agility Through DevOpsEnabling Agility Through DevOps
Enabling Agility Through DevOpsLeland Newsom CSP-SM, SPC5, SDP
 
How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program Denim Group
 
ThreadFix 2.5 Webinar
ThreadFix 2.5 WebinarThreadFix 2.5 Webinar
ThreadFix 2.5 WebinarDenim Group
 
ThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan CornellThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan CornellDenim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Denim Group
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator DevOps.com
 
SAST in the SDLC: Building a plan for 'going left'
SAST in the SDLC: Building a plan for 'going left'SAST in the SDLC: Building a plan for 'going left'
SAST in the SDLC: Building a plan for 'going left'WHSZachJones
 
Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4JDenim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 

More Related Content

Similar to Optimize Your Security Program with ThreadFix 2.7

Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Denim Group
 
Running a Comprehensive Application Security Program with Checkmarx and Threa...
Running a Comprehensive Application Security Program with Checkmarx and Threa...Running a Comprehensive Application Security Program with Checkmarx and Threa...
Running a Comprehensive Application Security Program with Checkmarx and Threa...Denim Group
 
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Capgemini
 
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Capgemini
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 
Elevate Your Application Security Program with Burp Suite and ThreadFix
Elevate Your Application Security Program with Burp Suite and ThreadFix Elevate Your Application Security Program with Burp Suite and ThreadFix
Elevate Your Application Security Program with Burp Suite and ThreadFix Denim Group
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
ThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
ThreadFix 2.4: Maximizing the Impact of Your Application Security ResourcesThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
ThreadFix 2.4: Maximizing the Impact of Your Application Security ResourcesDenim Group
 
Integrated Agile and DevOps: DevOps 2.0 and Beyond
Integrated Agile and DevOps: DevOps 2.0 and BeyondIntegrated Agile and DevOps: DevOps 2.0 and Beyond
Integrated Agile and DevOps: DevOps 2.0 and BeyondDevOps.com
 
Structuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramStructuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramDenim Group
 
How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program Denim Group
 
ThreadFix 2.5 Webinar
ThreadFix 2.5 WebinarThreadFix 2.5 Webinar
ThreadFix 2.5 WebinarDenim Group
 
ThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan CornellThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan CornellDenim Group
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceDenim Group
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Denim Group
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator DevOps.com
 
SAST in the SDLC: Building a plan for 'going left'
SAST in the SDLC: Building a plan for 'going left'SAST in the SDLC: Building a plan for 'going left'
SAST in the SDLC: Building a plan for 'going left'WHSZachJones
 

Similar to Optimize Your Security Program with ThreadFix 2.7 (20)

Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...Assessing Business Operations Risk With Unified Vulnerability Management in T...
Assessing Business Operations Risk With Unified Vulnerability Management in T...
 
Running a Comprehensive Application Security Program with Checkmarx and Threa...
Running a Comprehensive Application Security Program with Checkmarx and Threa...Running a Comprehensive Application Security Program with Checkmarx and Threa...
Running a Comprehensive Application Security Program with Checkmarx and Threa...
 
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
 
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
Infrastructure predictive monitoring with itoa jean louis baudoin, capgemini-...
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team SportUsing Collaboration to Make Application Vulnerability Management a Team Sport
Using Collaboration to Make Application Vulnerability Management a Team Sport
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 
Elevate Your Application Security Program with Burp Suite and ThreadFix
Elevate Your Application Security Program with Burp Suite and ThreadFix Elevate Your Application Security Program with Burp Suite and ThreadFix
Elevate Your Application Security Program with Burp Suite and ThreadFix
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
 
ThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
ThreadFix 2.4: Maximizing the Impact of Your Application Security ResourcesThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
ThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
 
Integrated Agile and DevOps: DevOps 2.0 and Beyond
Integrated Agile and DevOps: DevOps 2.0 and BeyondIntegrated Agile and DevOps: DevOps 2.0 and Beyond
Integrated Agile and DevOps: DevOps 2.0 and Beyond
 
Structuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramStructuring and Scaling an Application Security Program
Structuring and Scaling an Application Security Program
 
Enabling Agility Through DevOps
Enabling Agility Through DevOpsEnabling Agility Through DevOps
Enabling Agility Through DevOps
 
How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program
 
ThreadFix 2.5 Webinar
ThreadFix 2.5 WebinarThreadFix 2.5 Webinar
ThreadFix 2.5 Webinar
 
ThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan CornellThreadFix 2.2 Preview Webinar with Dan Cornell
ThreadFix 2.2 Preview Webinar with Dan Cornell
 
Enumerating Enterprise Attack Surface
Enumerating Enterprise Attack SurfaceEnumerating Enterprise Attack Surface
Enumerating Enterprise Attack Surface
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator
 
SAST in the SDLC: Building a plan for 'going left'
SAST in the SDLC: Building a plan for 'going left'SAST in the SDLC: Building a plan for 'going left'
SAST in the SDLC: Building a plan for 'going left'
 

More from Denim Group

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4JDenim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20Denim Group
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramDenim Group
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationDenim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsDenim Group
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixDenim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
An OWASP SAMM Perspective on Serverless Computing
An OWASP SAMM Perspective on Serverless ComputingAn OWASP SAMM Perspective on Serverless Computing
An OWASP SAMM Perspective on Serverless ComputingDenim Group
 
Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset Denim Group
 
Securing Voting Infrastructure before the Mid-Term Elections
Securing Voting Infrastructure before the Mid-Term ElectionsSecuring Voting Infrastructure before the Mid-Term Elections
Securing Voting Infrastructure before the Mid-Term ElectionsDenim Group
 
Threat Modeling for IoT Systems
Threat Modeling for IoT SystemsThreat Modeling for IoT Systems
Threat Modeling for IoT SystemsDenim Group
 

More from Denim Group (17)

Long-term Impact of Log4J
Long-term Impact of Log4JLong-term Impact of Log4J
Long-term Impact of Log4J
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
 
OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20OWASP San Antonio Meeting 10/2/20
OWASP San Antonio Meeting 10/2/20
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationSecurity Champions: Pushing Security Expertise to the Edges of Your Organization
Security Champions: Pushing Security Expertise to the Edges of Your Organization
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
An Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT SystemsAn Updated Take: Threat Modeling for IoT Systems
An Updated Take: Threat Modeling for IoT Systems
 
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixA New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsThe As, Bs, and Four Cs of Testing Cloud-Native Applications
The As, Bs, and Four Cs of Testing Cloud-Native Applications
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
An OWASP SAMM Perspective on Serverless Computing
An OWASP SAMM Perspective on Serverless ComputingAn OWASP SAMM Perspective on Serverless Computing
An OWASP SAMM Perspective on Serverless Computing
 
Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset Application Security Testing for a DevOps Mindset
Application Security Testing for a DevOps Mindset
 
Securing Voting Infrastructure before the Mid-Term Elections
Securing Voting Infrastructure before the Mid-Term ElectionsSecuring Voting Infrastructure before the Mid-Term Elections
Securing Voting Infrastructure before the Mid-Term Elections
 
Threat Modeling for IoT Systems
Threat Modeling for IoT SystemsThreat Modeling for IoT Systems
Threat Modeling for IoT Systems
 

Recently uploaded

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Optimize Your Security Program with ThreadFix 2.7

  • 1. © 2018 Denim Group – All Rights Reserved Building a world where technology is trusted. Optimize Your Security Program with ThreadFix 2.7 Application Risk Management + On-Demand AppSec Assessments Dan Cornell | CTO Kyle Pippin | Product Manager
  • 2. © 2018 Denim Group – All Rights Reserved ThreadFix Overview
  • 3. © 2018 Denim Group – All Rights Reserved ThreadFix Overview • Consolidate Test Results • Manage Vulnerabilities • Gain Access to Powerful Analytics 2
  • 4. © 2018 Denim Group – All Rights Reserved ThreadFix Overview 3
  • 5. © 2018 Denim Group – All Rights Reserved Consolidate Test Results 4
  • 6. © 2018 Denim Group – All Rights Reserved Application Security Testing • Application Security Testing • SAST, DAST, IAST • Software Composition Analysis (SCA) • Manual Testing • Code Reviews • Application Assessments • 3rd Party Testing 5
  • 7. © 2018 Denim Group – All Rights Reserved Application Portfolio Tracking 6
  • 8. © 2018 Denim Group – All Rights Reserved Test Result Consolidation 7
  • 9. © 2018 Denim Group – All Rights Reserved Test Result Consolidation 8 • Typically see a 15-35% reduction in finding count • Includes technology from Denim Group patents: • US 10,043,012 Method of Correlating Static and Dynamic Application Security Testing Results for Web Applications • US 10,043,004 Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application
  • 10. © 2018 Denim Group – All Rights Reserved Manage Vulnerabilities 9
  • 11. © 2018 Denim Group – All Rights Reserved Vulnerability Prioritization 10
  • 12. © 2018 Denim Group – All Rights Reserved HotSpot Technology 11 • Identify internally developed and shared code responsible for vulnerabilities • Includes technology from Denim Group patent US 10,116,681 Method of Detecting Shared Vulnerable Code
  • 13. © 2018 Denim Group – All Rights Reserved Defect Tracker Integration 12
  • 14. © 2018 Denim Group – All Rights Reserved Gain Access to Powerful Analytics 13
  • 15. © 2018 Denim Group – All Rights Reserved Searching and Views 14
  • 16. © 2018 Denim Group – All Rights Reserved Program Benchmarking 15
  • 17. © 2018 Denim Group – All Rights Reserved Scanner Benchmarking 16
  • 18. © 2018 Denim Group – All Rights Reserved ThreadFix 2.7
  • 19. © 2018 Denim Group – All Rights Reserved ThreadFix 2.7 • Portfolio Risk Ranking • CVE Filtering • New Vulnerability Statuses • Assessment Delivery • Performance Enhancements 18
  • 20. © 2018 Denim Group – All Rights Reserved Portfolio Risk Ranking 19
  • 21. © 2018 Denim Group – All Rights Reserved CVE Filtering 20
  • 22. © 2018 Denim Group – All Rights Reserved New Vulnerability Statuses 21
  • 23. © 2018 Denim Group – All Rights Reserved Integrated Service Delivery • Make service requests from platform • Initial catalog of services: security testing / assessment • Future services: false positive culling, remediation triage • Receive and view results directly within platform • Load-balance between internal efforts/capabilities and Denim Group’s resources 22
  • 24. © 2018 Denim Group – All Rights Reserved Assessment Delivery 23
  • 25. © 2018 Denim Group – All Rights Reserved Make Service Requests From Platform 24
  • 26. © 2018 Denim Group – All Rights Reserved View Results Within Platform 25
  • 27. © 2018 Denim Group – All Rights Reserved ThreadFix 3.0 Preview
  • 28. © 2018 Denim Group – All Rights Reserved Unified Vulnerability Management 27
  • 29. © 2018 Denim Group – All Rights Reserved References ThreadFix Web Site ThreadFix 2.7 blog post ThreadFix 3.0 preview blog post Hybrid Analysis Mapping patents release HotSpot patent release 28
  • 30. © 2018 Denim Group – All Rights Reserved Building a world where technology is trusted. @denimgroup www.denimgroup.com 29 dan@denimgroup.com kyle@denimgroup.com