How do I use Cryptosense Analyzer?
Cryptosense Analyzer is a platform that analyses trace files. To make a trace file, you attach Cryptosense App Tracer or Cryptosense Library Fuzzer to a running application, and the tool records the calls made to the crypto library. The resulting trace file is then uploaded to the Cryptosense Analyzer platform, where we apply our proprietary analysis algorithms and check the trace against our unique rule base.
Does it need access to source code?
Cryptosense App Tracer sees 100% of calls to crypto libraries in a running application, without needing access to source code. To test libraries, we replace the application with our proprietary fuzzing engine: Cryptosense Library Fuzzer.
Which APIs do you support?
– Java (JCE/JCA and Bouncy Castle low-level interface)
– OpenSSL (libssl and libcrypto)
– .NET is in development
Is there an on-premise version of the tool?
Yes, there is, including enterprise features such as SSO integration and an option to customize analysis rules. Contact us for details.
What types of flaws can Cryptosense Analyzer find?
– Incorrect choice of parameters to crypto functions
– Inappropriate combinations of crypto operations
– Incorrect use of randomness
– Weak cryptographic keys
– Weak passwords
– Weak password-based key derivation
– Key management vulnerabilities
– Inappropriate key lengths and group parameters
– Weak cryptographic algorithms
– Implementation vulnerabilities in cryptographic libraries
How often will Cryptosense’s vulnerability database be updated?
We maintain close links to academic institutions, which means that we are able to keep our software up to date with information about the latest vulnerabilities, even before their official publication. Our SaaS customers benefit from live updates. On-premise installations are updated every 3 months.
How can I get Cryptosense Analyzer?
What contract options are available?
Cryptosense Analyzer SaaS edition is available on a monthly or annual, per-application basis. We operate degressive pricing for multiple applications.
How will Cryptosense protect my data?
All the data collected by Cryptosense Analyzer SaaS edition is stored on Amazon Web Services servers. For more information on the security measures used by AWS to protect your data see: aws.amazon.com/security. For details of how we code securely and pen-test our service, get in touch.
What will happen to my data?
All rights to your data are maintained by you. We provide the ability to easily export your data and take it elsewhere, if desired. Your data will never be shared with or sold to a third party. Whilst your account remains active you have full access to your information, for viewing or transfer, at any time. Information can be downloaded in a variety of formats.
What type of support is included?
All packages include operational software support as well as access to Cryptosense’s crypto vulnerability Knowledge Base. Premium and Premium Plus packages also include 24h crypto expertise support via email.
I’m not a crypto expert, will I understand the results?
We provide extensive support and detailed documentation to help you get the most from your analysis. Cryptosense Knowledge Base is a rich source of detailed information about Symmetric and Asymmetric Algorithms, Padding Modes, Crypto Attacks and Key Management. Request a demo to see a typical Analyzer output.
How do I know if I need to use Cryptosense Analyzer?
If you’re not sure how much crypto is in your applications, you can use our (free) Cryptosense Analyzer Static Scanner tool to scan code for calls to crypto functions. It can be used to find out how much crypto is called in an application, or to evaluate the degree to which a trace recorded by our agents covers all the crypto in an application.