Cryptosense Analyzer

Evaluate the Cryptographic Security of Java, OpenSSL or PKCS#11 Applications using Cryptosense Analyzer

About Cryptosense Analyzer

1. What does Cryptosense Analyzer do?

Cryptosense Analyzer detects (and shows you how to fix) security flaws related to the use of cryptography in applications.

This includes core cryptographic functions like encrypting and signing files as well as peripheral operations such as key management and key storage, secure use of randomness, analyzing credentials used as passwords, etc.

Business applications use cryptography extensively, to store passwords, encrypt database fields, communicate with servers and clients using TLS, and implement web application protocols.

Modern developments combine off-the-shelf components, web application frameworks, in-house implementations, open-source libraries, third party code and legacy systems. Calls to crypto APIs can come from all of these.

2. How does it work?

Cryptosense Analyzer works by tracing calls from an application to its cryptographic libraries at run-time.

This trace is then uploaded to our Analyzer platform where we apply a series of algorithms to detect flaws. The results are presented in a web application on the same platform.

3. What do I need to use it?

An executable application using a cryptographic library for which there is a Cryptosense Tracer agent.

Currently we support:

  • Java (JCE/JCA and the Bouncy Castle low-level interface)
  • OpenSSL (libssl and libcrypto)
  • PKCS#11

.NET support is in development, with more to follow.

You also need an account on our analysis platform (for SaaS licenses) or an installed in-house Analyzer VM (for on-premise licenses).

4. How do I know if it’s worth running Cryptosense Analyzer on my applications?

Cryptosense Analyzer includes a Static Scanner tool that scans code for calls to crypto functions. It can be used to evaluate how completely a trace recorded by our agents covers the crypto in an application, and it can also be used to find out how much crypto an application calls.

Book a demo to find out more about the types of things Cryptosense Analyzer can find.

5. What is the Knowledge Base?

Cryptosense Knowledge Base is a rich source of detailed information about Symmetric and Asymmetric Algorithms, Padding Modes, Crypto Attacks and Key Management.

Access to Cryptosense Knowledge Base is included with Analyzer licenses or available by subscription. To subscribe, get in touch via the contact page.

