From 2011 to 2014, 17%* of crypto vulnerabilities in the CVE list were found in cryptographic libraries. The remaining 83% occurred in applications.
The 4-step Cryptosense approach to testing provides a holistic security solution for both libraries and applications.
A compliant cryptography provider is the first step towards a secure solution. Try our compliance tester for PKCS#11 APIs.
Vulnerabilities arise when commands that are individually secure, are used in combination. Cryptosense configuration software finds these combinations.
Once the configuration is secure, the application has to make use of the interface in a secure way. Cryptosense App Tracer analyses the calls made to the crypto interface.
Cryptosense Monitor continually checks configurations and key usage, sending alerts if out-of-standard configurations are found and providing reports for audits.
* “Why does cryptographic software fail? A case study and open problems” – David Lazar, Haogang Chen, Xi Wang, and Nickolai Zeldovich – Published at APSys ’14, June 25-26, 2014, Beijing, China.