IAST for Cryptography

Cryptosense Analyzer integrates into your DevSecOps workflow to painlessly audit cryptography in your applications.

Discover and map the cryptography used by your applications; find and fix crypto-related security flaws; and demonstrate cryptographic security to QA, customers and auditors.


Cryptosense Analyzer

Available in SaaS or on-premise.

How do I use it?

Cryptosense Analyzer assesses applications by examining all cryptographic operations.

  • Our Tracer Agent attaches to a running application (either in Dev or Prod) and records all calls to the crypto library in a Trace file.
  • You then upload the Trace file to the Cryptosense Analyzer platform where the trace is analyzed using our proprietary analysis algorithms and unique rule base.
  • Analyzer shows where in the stack trace vulnerabilities have been found and suggests remediations.


0.005% false positives

Our last 5 deployments averaged 868 instances per application across 9 different findings, with more than 8 findings being classed as high or medium criticality. We found fewer than 1 false positive.


Analyzer for Cloud Migrations

Analyzer for Cloud BETA allows you to map key lifecycles and library use before migrating to the cloud.



Pre-Migration

Analyzer maps all the crypto in your application so you know what you’re dealing with before you migrate. No more uncertainty.



Post-Migration

Analyzer studies the logs provided by your CSP to look for vulnerabilities caused by changes to your setup. Ongoing assurance that your crypto will work as expected in the cloud.


Common Questions

How can I get Cryptosense Analyzer?

Cryptosense Analyzer is available in SaaS edition or as an on-premise installation. Licensing is by annual subscription, per application. More information on SaaS pricing is available here. For a quote for an on-premise installation please get in touch.

Which APIs do you support?

– Java (JCE/JCA and Bouncy Castle low-level interface)
– OpenSSL (libssl and libcrypto)
– PKCS#11
– .NET is in development

How do I know if I need to use Cryptosense Analyzer?

If you’re not sure how much cryptography is in your applications, you can use our (free) Cryptosense Analyzer Static Scanner tool to scan code for calls to crypto functions. It can be used to find out how much cryptography is called in an application, or to evaluate the degree to which a trace recorded by our agents covers all the cryptography in an application.

What types of flaws can Cryptosense Analyzer find?

– Incorrect choice of parameters to cryptographic functions
– Inappropriate combinations of cryptographic operations
– Incorrect use of randomness
– Weak cryptographic keys
– Weak passwords
– Weak password-based key derivation
– Key management vulnerabilities
– Inappropriate key lengths and group parameters
– Weak cryptographic algorithms
– Implementation vulnerabilities in cryptographic libraries

I’m not a cryptography expert, will I understand the results?

We provide extensive support and detailed documentation to help you get the most from your analysis. Cryptosense Knowledge Base is a rich source of detailed information about Symmetric and Asymmetric Algorithms, Padding Modes, Cryptographic Attacks and Key Management. Request a demo to see a typical Analyzer output.

Where can I get more information?

The best way to see how Cryptosense Analyzer works is to book a demo. We’ll show you the types of things Cryptosense Analyzer can find and explain more about trace analysis. You can also take a look at the Cryptosense Analyzer product sheet.

See our support pages for more information. Or get in touch with our support staff.

Try a Free 14-day Trial

Cryptosense Analyzer audits your applications and infrastructure to find vulnerabilities and understand your crypto landscape. Use it to optimise bug-fix resources and demonstrate compliance.