Issued Patents Will Drive Innovation in Managing Large Volumes of Data Generated by Application Security Testing Programs
San Antonio, TX – October 30, 2018 – Denim Group, the leading independent application security firm, today announced that the United States Patent and Trademark Office (USPTO) has awarded the company two patents which will provide a method of correlating and merging static application security testing (SAST) and dynamic application security testing (DAST) results for web and mobile applications. The official names of the Hybrid Analysis Mapping (HAM) patents are as follows: Method of Correlating Static and Dynamic Application Security Testing Results for a Web Application (Patent #10,043,012) and Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application (Patent #10,043,004).
The continued proliferation of websites, web applications, and mobile applications that handle sensitive data makes securing an organization’s application portfolio a major challenge. Effective application security programs utilize multiple types of analysis to test applications for security vulnerabilities, resulting in a high volume of data produced. This increased data can be valuable when it provides deeper insight into vulnerabilities; however, it can also make the problem of identifying areas of concern harder to manage by requiring further manual reviews by the analyst or highlighting large numbers of vulnerabilities and weaknesses that are of low value or priority. Without positive correlation of large data sets, the value of vulnerability data sets is diminished.
Denim Group has implemented the technology from these two Hybrid Analysis Mapping patents in its vulnerability resolution management platform, ThreadFix, to help organizations efficiently manage the large volume of data generated by their application security testing programs. This technology makes ThreadFix the first platform able to correlate SAST and DAST results without requiring a runtime agent. As a result, organizations report a 71% success rate in matching SAST and DAST results and an average reduction of 15-35% in overall findings. ThreadFix improves the ability of the application development team to identify vulnerabilities found by both testing tools and to prioritize the order in which they are addressed.
“We are honored to be awarded these two patents by the USPTO to help organizations more effectively manage their application security testing data,” said CTO of Denim Group, Dan Cornell. “By enabling organizations to more accurately correlate the results of static scans with dynamic scans and manage the data that is generated by their testing program more efficiently, we are delivering a significant breakthrough for today’s industry professionals in the application security space.”