Integrating Burp Suite with ThreadFix

ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.

The ThreadFix extension in the BApp Store provides an interface between Burp and ThreadFix, allowing you to upload Burp scans to ThreadFix for further analysis and action.

With ThreadFix installed and configured, install the ThreadFix extension from the BApp Store.

Having used Burp Scanner on the web application you are testing, you can now export the scan results to ThreadFix.

Go to the ThreadFix "Main" tab and click "Export Scan".

 
Unless you have already configured these settings in the ThreadFix "Options" tab, you will be asked to enter the URL you are using for ThreadFix and the API key.

You can generate an API key by going to the ThreadFix options menu.

 
Click "Create New Key".

Enter a name you would like to associate with your API key and click "Create Key".

 
ThreadFix should inform you that the key has been successfully created.

Select and copy the key.

Enter the key into the "API Key" box and click "Ok".

You will now be able to upload the scan to ThreadFix.

You can use the ThreadFix "Options" tab to configure the settings above and to select an Application that the uploaded scan will be associated with.

 
Any uploaded scans will now be available via the ThreadFix application.