ThreadFix – Vulnerability Aggregation & Management System

Use Netsparker


ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts.

ThreadFix - Vulnerability Aggregation & Management System

ThreadFix also allows users to input the results of manual penetration testing, code review and threat modeling to provide a comprehensive view of software security for an organization. Once a unified list of security vulnerabilities has been created, ThreadFix allows application security managers to further prioritize discovered vulnerabilities via a centralized dashboard. The platform allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. As the development team resolves defects, status updates are synchronized within ThreadFix, enabling the security team to schedule follow-up testing to confirm that security holes have indeed been closed.

Features

  • Consolidated View of Application Test Results – Consolidate and de-duplicate imported results from open source, commercial dynamic and static scanning tools, as well as the results of manual testing and threat modeling to get a complete view of the state of your applications.
  • Reports – Get the latest security status of your applications while providing an eagle’s-eye view of your organization’s progress over time to pinpoint any process problems.
  • Defect Tracker Integration – Help security professionals translate application vulnerabilities into software defects and push tasks to developers in the tools and systems they are already using.
  • Virtual Patching – Create virtual Web Application Firewall (WAF) rules to help block malicious traffic while vulnerabilities are being resolved. While your organization takes on remediation of your applications, virtual patching helps guard against common vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injections.
  • Compatible with Open Source and Commercial Products – ThreadFix is compatible with a number of commercial and freely available dynamic and static scanning technologies, SaaS testing platforms, IDS/IPS and WAFs and defect trackers.

You can download Threadfix 2.1RC1 here:

2.1RC1-tag.zip

Or read more here.

Posted in: Countermeasures, Security Software

,


Latest Posts:


Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 year delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public.
Drupwn - Drupal Enumeration Tool & Security Scanner Drupwn – Drupal Enumeration Tool & Security Scanner
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.


Comments are closed.