From 2011 to 2014, 17%* of crypto vulnerabilities in the CVE list were found in cryptographic libraries. The remaining 83% occurred in applications.
The 4-step Cryptosense approach to testing provides a holistic security solution for both libraries and applications.
A compliant cryptography provider is the first step towards a secure solution. Try our compliance tester for PKCS#11 APIs.
The implementation must be correctly configured by users to avoid vulnerabilities arising from combinations of commands which, when considered singly, are secure. Cryptosense software finds these combinations.
Once the configuration is secure, the application has to make use of the interface in a secure way. Cryptosense App Tracer analyses the calls made to the crypto interface.
Ongoing monitoring continually checks configurations and key usage, sending alerts if out of standard configurations are found. The solution can be tailored to suit system security policy and provide reports for audits.