ThreadFix 2.2 Preview Webinar with Dan Cornell


ThreadFix allows security analysts to create a consolidated view of applications and vulnerabilities, prioritize application risk decisions based on data, and translate application vulnerabilities to developers in the tools they are already using. This webinar examines how organizations can use ThreadFix 2.2 to help establish and scale their application security programs. Using a combination of demos and real-world examples, attendees will learn how to best use ThreadFix's capabilities to support their application security program.

Topics will include:

• Consolidating application vulnerability data by integrating SAST, DAST and now IAST and component lifecycle management results into a single dashboard
• Managing application risk with ThreadFix’s completely overhauled vulnerability analytics and reporting as well as GRC integration capabilities
• Ramping up application penetration testing with the updated ThreadFix ZAP and Burp plugins, featuring integrated Hybrid Analysis Mapping
• Communicating security risks to development managers via SonarQube integration

ThreadFix 2.2 Preview Webinar with Dan Cornell

  1. © 2015 Denim Group – All Rights Reserved. ThreadFix 2.2 Preview. Dan Cornell @danielcornell
  2. My Background
     • Dan Cornell – Founder and CTO of Denim Group
     • Software Developer By Background (Java, .NET)
     • OWASP San Antonio
  3. Denim Group Background
     • Secure software services and products company
     • Builds secure software
     • Helps organizations assess and mitigate risk of in-house developed and third party software
     • Provides classroom training and e-Learning so clients can build software securely
     • Software-centric view of application security
     • Application security experts are practicing developers
     • Development pedigree translates to rapport with development managers
     • Business impact: shorter time-to-fix application vulnerabilities
     • Culture of application security innovation and contribution
     • Develops open source tools to help clients mature their software security programs
     • Remediation Resource Center, ThreadFix
     • OWASP national leaders & regular speakers at RSA, SANS, OWASP, ISSA, CSI
     • World class alliance partners accelerate innovation to solve client problems
  4. What Is ThreadFix?
     • ThreadFix allows application security teams to:
     • Create a consolidated view of your applications and vulnerabilities
     • Prioritize application risk decisions based on data
     • Translate vulnerabilities to developers in the tools they are already using
  5. Supported Technologies
  6. Create a consolidated view of your applications and vulnerabilities
  7. What’s New in ThreadFix 2.2?
     • Support for IAST and software composition analysis
     • Contrast Security
     • Sonatype
     • Hybrid Analysis Mapping (HAM) Updates
     • ASP.NET (WebForms, MVC)
     • Java/Struts
     • Application and Comment Tagging
  8. Merged IAST and DAST Results
  9. Vulnerable Component Results
  10. Merged SAST and DAST Results
  11. Configuring Tags
  12. Tagging Applications
  13. Prioritize application risk decisions based on data
  14. What’s New in ThreadFix 2.2?
     • Fully Upgraded Reporting and Customization
     • Compliance Reporting
     • PCI
     • HIPAA
     • GRC Integration
  15. Trending Report
  16. Point In Time Report
  17. Vulnerability Progress Report
  18. OWASP Top 10 Report
  19. Portfolio Report
  20. Remediation Report
  21. PCI Compliance Report
  22. Global Vulnerability Analytics
  23. GRC Integration
  24. Vulnerabilities and Controls
  25. Translate vulnerabilities to developers in the tools they are already using
  26. What’s New in ThreadFix 2.2?
     • HAM Now Embedded in Scanner Plugins
     • OWASP ZAP
     • Portswigger BurpSuite
     • SonarQube Plugin
     • Tools Download Page
  27. SonarQube Integration
  28. Configuring SonarQube Plugin
  29. Seeding OWASP ZAP via HAM
  30. Integrated Tool Download Page
  31. ThreadFix Enterprise
     • Phone and Email Support
     • Compliance Reporting
     • PCI, HIPAA
     • Scan Orchestration
     • Enterprise Infrastructure
     • LDAP/Active Directory Authentication
     • Role- and Data-Based Access Control
     • Proxy Support
  32. ThreadFix Services
     • Kickstarts
     • Feature Acceleration
     • Application Security Program Outsourcing
  33. Important Links
     • Main ThreadFix website: www.threadfix.org
     • General information, downloads
     • ThreadFix GitHub site: www.github.com/denimgroup/threadfix
     • Code, issue tracking
     • ThreadFix GitHub wiki: https://github.com/denimgroup/threadfix/wiki
     • Project documentation
     • ThreadFix Google Group: https://groups.google.com/forum/?fromgroups#!forum/threadfix
     • Community support, general discussion
  34. Questions / Contact Information
     Dan Cornell, Principal and CTO
     dan@denimgroup.com
     Twitter @danielcornell
     (210) 572-4400
     www.denimgroup.com
     www.threadfix.org