ThreadFix is a software vulnerability aggregation and management system that brings together a variety of code analysis tools that enable you to locate and fix potential vulnerabilities in the code you write, in the languages you use, and with affordable costs.
- Application development and security teams use software scanning tools as well as manual testing to assess the security of an application
- Each test delivers results in different formats and duplicates are created because test platforms describe the same flaws differently
- Workflow Implementation is difficult or impossible
- Software development teams receive unmanageable reports
- Imports dynamic, static and manual testing results into a centralized platform
- Removes duplicate findings across testing platforms to provide a prioritized list of security faults
- Reduces the time required to fix vulnerable applications.
- Exports prioritized result lists into defect tracker of choice to streamline software remediation efforts for development
- Auto generates web application firewall rules to protect data during vulnerability remediation to reduce risk
- Empowers managers with vulnerability trending reports to pinpoint issues and illustrate application security progress
Consolidated View of Application Test Results
Consolidate and de-duplicate imported results to get a complete view of the state of your applications.
Get the latest security status of your applications immediately
Defect Tracker Integration
Translate application vulnerabilities into software defects
Create virtual Web Application Firewall (WAF) rules to help block malicious traffic while vulnerabilities are being resolved.
Compatible with Open Source and Commercial Products
Dynamic and static scanning technologies, SaaS testing platforms, IDS/IPS, WAFs and defect trackers
Commercial & Free Tool Support:
Open Source: Dynamic/Static Scanners: OWASP Zed Attack Proxy, Arachni, w3af, Skipfish, Microsoft CAT.NET, FindBugs, Brakeman, CPPcheck / WAF / IDS / IPS: Mod_Security, Snort / Defect Trackers: Mozilla Bugzilla
Commercial tools: Checkmarx, Virtual Forge and the major vendors in these and additional fields