Evaluate the Cryptographic Security of Java, OpenSSL or PKCS#11 Applications using Cryptosense Analyzer
1. Cryptosense Analyzer detects and shows how to fix security flaws related to the use of cryptography in applications
This includes core cryptographic functions like encrypting and signing files, as well as peripheral operations such as key management and key storage, secure use of randomness, and analysis of credentials used as passwords.
Business applications use cryptography extensively: to store passwords, encrypt database fields, communicate with servers and clients using TLS, and implement web application protocols.
Modern developments combine off-the-shelf components, web application frameworks, in-house implementations, open-source libraries, third-party code and legacy systems. Calls to crypto APIs can come from all of these.
2. Cryptosense Analyzer works by tracing calls from an application to its cryptographic libraries at run-time
This trace is then uploaded to our Analyzer platform, where we apply a series of algorithms to detect flaws. The results are then presented in a web application on the same platform.
3. What do I need to use it?
An executable application using a cryptographic library for which there is a Cryptosense Tracer agent.
Currently we support:
- Java (JCE/JCA and the Bouncy Castle low-level interface)
- OpenSSL (libssl and libcrypto)
- .NET is in development, with more to follow.
You also need an account on our analysis platform (for SaaS licenses) or an installed in-house Analyzer VM (for on-premise licenses).
4. How do I know if it’s worth running Cryptosense Analyzer on my applications?
Cryptosense Analyzer includes a Static Scanner tool that scans code for calls to crypto functions. It can be used to evaluate how completely a trace recorded by our agents covers the crypto in an application, and also to find out how much crypto an application calls.
Request a demo to find out more about the types of things Cryptosense Analyzer can find.