Capability architecture
Certificate & Trust Analysis: context, validation and evidence.
This capability contributes to the same platform outcome: understanding realistic attacker exposure and proving what matters.
01 Why it matters
- Certificates reveal domains, infrastructure relationships, expiry risk and trust boundaries.
- Weak TLS, expired certificates or unexpected certificate relationships can increase attack feasibility.
- Trust analysis enriches both exposure intelligence and compliance reporting.
02 ThreatCanary approach
- Collect certificate metadata, chains, SANs, issuers, expiry dates and TLS configuration signals.
- Correlate certificates with domains, services, cloud edges, APIs and ownership.
- Create findings or drift events when trust posture changes or risk is detected.
03 What it validates or reveals
- Expiring certificates and weak TLS configurations.
- Unexpected domain relationships and certificate reuse.
- Trust paths relevant to attack-path or outage risk.
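The collect, correlate and drift steps listed above can be sketched as a comparison of two certificate-metadata snapshots. This is an added example, not ThreatCanary's code: the snapshot layout, field names, finding labels, hostnames and the 30-day warning window are all assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample snapshots (not real data): host -> collected certificate metadata.
PREVIOUS = {
    "www.example.test": {"fp": "aa11", "issuer": "Example CA R1",
                         "sans": {"www.example.test"}, "not_after": "2031-01-10"},
    "api.example.test": {"fp": "bb22", "issuer": "Example CA R1",
                         "sans": {"api.example.test"}, "not_after": "2030-06-01"},
}
CURRENT = {
    "www.example.test": {"fp": "cc33", "issuer": "Other CA X2",
                         "sans": {"www.example.test", "staging.partner.test"},
                         "not_after": "2030-01-20"},
    "api.example.test": {"fp": "bb22", "issuer": "Example CA R1",
                         "sans": {"api.example.test"}, "not_after": "2030-06-01"},
    "vpn.example.test": {"fp": "bb22", "issuer": "Example CA R1",
                         "sans": {"api.example.test"}, "not_after": "2030-06-01"},
}
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)  # fixed clock so results are repeatable

def analyse(previous, current, now, warn_days=30):
    """Return (kind, asset, detail) findings for expiry risk, trust drift and reuse."""
    findings, by_fp = [], {}
    for host, cert in sorted(current.items()):
        by_fp.setdefault(cert["fp"], []).append(host)
        expires = datetime.strptime(cert["not_after"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        days_left = (expires - now).days
        if days_left < 0:
            findings.append(("expired", host, f"{-days_left}d ago"))
        elif days_left <= warn_days:
            findings.append(("expiring", host, f"{days_left}d left"))
        old = previous.get(host)
        if old is None:  # host was not in the earlier snapshot
            findings.append(("new_host", host, cert["fp"]))
            continue
        if old["issuer"] != cert["issuer"]:  # trust anchor changed between snapshots
            findings.append(("issuer_changed", host, f'{old["issuer"]} -> {cert["issuer"]}'))
        for san in sorted(cert["sans"] - old["sans"]):  # new domain relationship
            findings.append(("san_added", host, san))
    for fp, hosts in sorted(by_fp.items()):  # same certificate served by several hosts
        if len(hosts) > 1:
            findings.append(("cert_reuse", ",".join(hosts), fp))
    return findings

if __name__ == "__main__":
    for finding in analyse(PREVIOUS, CURRENT, NOW):
        print(finding)
```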
04 Evidence and outputs
- A clear explanation of the exposure, affected assets and likely attack path.
- Reproducible evidence suitable for analysts, developers and risk owners.
- Prioritisation based on exploitability, business impact, sensitive data and chainability.
- Owner, remediation and workflow context that can move into Jira, Slack, SIEM or reporting.