Application security assessments

Connect with us

Vulnerable web-facing applications are rapidly becoming the most popular attack vector of malicious hackers. Application code vulnerabilities and design flaws in content-rich, web-based, thick-client, and mobile apps can be targeted to penetrate networks and steal sensitive information. To mitigate these threats, application security assessments must be built into the development and release lifecycle.

Securing the design, development, and deployment of your applications

Our application security assessments identify weaknesses in your proprietary or third-party applications and propose fixes that enhance your system’s security posture. By combining the use of leading tools with targeted, expert manual analysis of your application, we diagnose threat susceptibility and provide you with repeatable, measurable, transparent, and actionable results.

Through the evaluation of hundreds of technology stacks for government agencies, Fortune 500 companies, and cloud service providers, Coalfire Labs has developed a comprehensive approach to analyzing solutions and built standard frameworks and completely custom implementations.

Our approach

Web application assessments

  • Assess your application from an adversarial standpoint.
  • Evaluate your application for misconfigurations, logic attacks, and input validation issues.

Application program interfaces (APIs)

  • Perform in-depth API mapping and manual analysis.
  • Ensure consistent boundary checking for API requests.
  • Evaluate your APIs for misconfigurations, logic attacks, and input validation issues.

Mobile applications (iOS, Android, Windows Phone)

  • Analyze application data storage routines.
  • Evaluate the usage of platform protections.
  • Identify permission boundary checking and analysis.

Thick application clients and interfaces

  • Analyze network traffic patterns for external communications.
  • Reverse engineering application to determine if vulnerabilities exist.
  • Conduct input validation checking and fuzzing activities.

Static source code analysis

  • Evaluate code quality and implementation from functional and security perspectives.
  • Manually verify findings and provide context as necessary.
  • Develop proof-of-concept code to show impact of vulnerabilities.

Why choose Coalfire for your application security assessment?

  • Our approach goes beyond automated tools and processes to include manual reviews, adversarial analyses, and tailored manual techniques to fully explore identified vulnerabilities.
  • We ensure assessments are effectively executed within your project timeline by prioritizing the urgency of potential vulnerabilities.
  • We follow the Open Web Application Security Project (OWASP) testing guidelines to identify configuration flaws, session management issues, application authentication mechanisms, business and application logic assumptions, and input validation issues.
  • Our assessments provide valuable and actionable insights into discovered vulnerabilities, projected business impact, and remediation steps.

Follow CoalfireLabs on Twitter


Connect with us