Vulnerability Management for Cryptography


Run-time analysis of crypto use
to eliminate vulnerabilities from applications and infrastructure.


How it works


1. Tracing

Cryptosense traces crypto operations on the network and in application calls to crypto libraries, without needing access to source code.


2. Analysis

Traces are run through our security analysis algorithms derived from the latest academic results and Cryptosense’s own vulnerability research.


3. Remediation

Results include links to stacktraces for fast debugging and compliance analysis to ENISA, NIST, PCI-DSS or a custom crypto policy.

Evaluate Crypto use in Java applications

For any application that uses a JCA crypto provider like Oracle JCE or BouncyCastle, Cryptosense Analyzer gives you visibility on the cryptography your application is using and assesses its security.

Detect key-management flaws, password-storage errors, weak algorithms/short keys, randomness issues, poor nonce management, vulnerable composition of operations, and more.

Download Product Brochure


See how Cryptosense Analyzer can help you master crypto risk in your applications.

Manage the Security of your PKCS#11 Deployment

Choosing, configuring, deploying and securely using a cryptographic device like a Hardware Security Module (HSM) is far from simple.

Find out how Cryptosense software can help ensure security

Discover External Facing Crypto Vulnerabilities

Our Discovery tool assesses the configuration of common network services that use cryptography. Includes coverage for TLS, SSH, STARTTLS. Try it for any domain or IP address for free.

How will your servers measure up?

Try it now!


Java crypto security whitepaper

Covers JCE and BouncyCastle, key-management vulnerabilities, flaws in encryption and signature modes, randomness problems, insecure interactions between crypto operations and more.