Award Information
Proposal Number: HSHQDC-13-R-00009-H-SB013.1-002-0003-CRPP
Proposal Title: SBIR Proposal - Hybrid Analysis Mapping (HAM) -- Phase 2 CRPP
Topic Number: H-SB013.1-002
Phase: CRPP
Topic Title: Hybrid Analysis Mapping (HAM)
Organization: Denim Group, Ltd
Address: 1354 N Loop 1604 E
Ste 110
San Antonio, TX 78232-1342  
Abstract: During the course of our Phase 1 and Phase 2 SBIR contracts, Denim Group has developed a Hybrid Analysis Mapping (HAM) technology. At its core, this technology allows software assurance teams to correlate and merge the results of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) into a single unified view of the security state of an application. This technology has been included in Denim Group's ThreadFix application vulnerability management platform. In addition, the HAM technology has been extended to provide additional capabilities such as:
- Calculating application attack surface and pre-seeding DAST scans with this attack surface to reduce false negative results from DAST scanning.
- Mapping DAST results to specific entry-point lines of source code in developer Integrated Development Environments (IDEs) to reduce the time and level of effort required to remediate application vulnerabilities.
Another trend that impacts the adoption and commercialization of HAM technology is that, as software development teams move from Waterfall to Agile to DevOps development methodologies, they are also challenged with incorporating Software Assurance DAST and SAST testing into Continuous Integration/Continuous Delivery (CI/CD) pipelines so that security can be integrated into software development efforts with a minimum of impact on development teams. HAM technology is potentially very valuable to software development teams looking to quickly integrate application security testing into CI/CD pipelines because it provides a consolidated view of weaknesses and vulnerabilities that is more efficient to consume and address.
Award/Contract Number: HSHQDC-16-C-00088
Period of Performance: 09/01/2016 - 05/31/2017
Award/Contract Value: $199,795.15
Award/Obligated Amount: $199,795.15