
Uncover security gaps and avoid risk.
Application code vulnerabilities and design flaws are the new battleground in information security. The sophistication of tools and attack methodologies has exposed information, applications and developers to an onslaught of risk. Coalfire engages development teams and key development stakeholders to test applications and identify vulnerabilities. Application code reviews uncover security gaps and provide recommendations to remediate risks. Coalfire audits application source code using manual and automated techniques to identify vulnerabilities. We maintain an application testing laboratory to validate compliance with the Payment Application – Data Security Standards (PA-DSS). At a minimum, Coalfire reviews applications to validate that known vulnerabilities published by the Open Web Application Security Project (OWASP) have been addressed.
In addition to source code review, Coalfire examines design weaknesses for flaws like legacy interoperability or insecure architectural dependencies that may result in a security compromise. Our application code review provides detailed documentation of each finding that includes guidance for immediate resolution and long-term development risk treatments. Software development is an iterative process and requires that independent application code review be incorporated into your security development lifecycle at critical audit checkpoints. Coalfire has managed solution offerings that can integrate with your development teams for ongoing independent review and audit of application security. PCI compliance for sections 6.3 and 6.6 requires code review of electronic payment applications.