Coalfire consultants combine expert human understanding of distinctive application contexts with commercial and open-source tools, techniques, and custom approaches to determine what an attacker could do to an application, including:
- Bypass authentication and authorization
- Gain unauthorized access to sensitive or critical data
- Manipulate data presentation at runtime
We conduct an extensive attack surface assessment from a dynamic runtime perspective for web applications, web services (APIs), and thick clients with custom protocols.
Whether the target is a hybrid or native mobile application, developed in-house or by a third party, our mobile AppSec assessments deliver breadth and depth regardless of the underlying platform or device type. We analyze device data storage and classification, test backend web services consumed by the app, and verify the confidentiality and integrity of network communications.
Coalfire has designed a completely transparent and in-depth assessment that is augmented with a focused code review to increase test coverage and efficiency.
Our approach to IoT testing enables our clients to navigate device and ecosystem-related risks while balancing time-to-market demands.