ThreadFix is a software vulnerability aggregation and management system. It brings together a variety of code analysis tools so that you can locate and fix potential vulnerabilities in the code you write, in the languages you use, at an affordable cost.
THE PROBLEM
- Application development and security teams use software scanning tools as well as manual testing to assess the security of an application
- Each test delivers results in a different format, and duplicates are created because test platforms describe the same flaws differently
- Workflow implementation is difficult or impossible
- Software development teams receive unmanageable reports
THE SOLUTION
- Imports dynamic, static and manual testing results into a centralized platform
- Removes duplicate findings across testing platforms to provide a prioritized list of security faults
- Reduces the time required to fix vulnerable applications
- Exports prioritized result lists into the defect tracker of your choice to streamline software remediation efforts for development
- Auto-generates web application firewall rules to protect data during vulnerability remediation to reduce risk
- Empowers managers with vulnerability trending reports to pinpoint issues and illustrate application security progress
Consolidated View of Application Test Results
Consolidate and de-duplicate imported results to get a complete view of the state of your applications.
Reports
Get the latest security status of your applications immediately
Defect Tracker Integration
Translate application vulnerabilities into software defects
Virtual Patching
Create virtual Web Application Firewall (WAF) rules to help block malicious traffic while vulnerabilities are being resolved.
Compatible with Open Source and Commercial Products
Dynamic and static scanning technologies, SaaS testing platforms, IDS/IPS, WAFs and defect trackers
Commercial & Free Tool Support:
Open Source:
- Dynamic/Static Scanners: OWASP Zed Attack Proxy, Arachni, w3af, Skipfish, Microsoft CAT.NET, FindBugs, Brakeman, CPPcheck
- WAF / IDS / IPS: Mod_Security, Snort
- Defect Trackers: Mozilla Bugzilla
Commercial tools: Kiuwan, Virtual Forge, Checkmarx and the major vendors in these and additional fields
Resources
Solution Flyer ThreadFix (English)
Solution Flyer ThreadFix (German)
Webinar September 2016: Integration with Checkmarx
Integration of the DevOps team into the build process: RSA talk