Quickly understand the vulnerability landscape of an application or HSM without painstaking manual analysis. Track cryptography KPIs, reduce time spent on remediations, and ensure that correct policy is being followed.
Efficiently prepare for audits by eliminating vulnerabilities in advance. Optimise cryptography expertise resources by only treating real findings – not false positives.
Understand the cartography of the cryptography in your application. Ensure security is maintained as you rearchitect, switch libraries, or deploy applications in the cloud.
“SAST does not go as far as Cryptosense in the detailed analysis of cryptographic calls. The value is in the relevance of findings. One can see many more things with Cryptosense than with SAST.”
International PKI Software Company
How it Works
1. Trace Analysis
Cryptosense trace analysis allows us to see 100% of calls to cryptographic libraries, without needing access to source code. To test libraries, we replace the application with our fuzzer.
2. Unique Rule Base
Traces are run through our proprietary analysis algorithms and checked against our unique rule base. Rules are continually updated in line with academic results.
3. Few False Positives
On average <1 false positive out of 800+ instances per report. Reports include links to stacktraces for fast debugging and compliance analysis.
Cryptosense software is based on technology developed by one of the world’s leading applied cryptography labs.
Based in Paris, France since 2013, we provide state-of-the-art software to the financial services industry, government agencies, software developers, and cloud providers. Our unique rule base, proprietary algorithms and patent-pending analysis method allow us to discover vulnerabilities in applications and secure infrastructure that can’t be found using manual analysis or SAST tools.
The rules and algorithms used by our flagship product Cryptosense Analyzer to detect cryptographic vulnerabilities are constantly updated thanks to internal R&D and partnerships with labs in the research community.