Get a Cryptography Audit of your Application in just a few Minutes
Cryptosense Analyzer works by tracing calls from the application to its crypto libraries and then analyzing these calls. Tracing calls require a one-line configuration change in the application. For example, for Java, you just have to invoke Java with an extra command-line switch to use the Cryptosense tracing agent. If your application runs in a framework, we can supply the configuration change you need to put the agent in place. The agent will run on any JVM supporting Java 7, 8 or 9.
No need to Recompile
This analysis method of finding security flaws in a running application is known as interactive application security testing or IAST. However, unlike other IAST tools, our method does not require you to recompile your application from source, nor does it require the application to be executed in a special virtual machine. It doesn’t change the bytecode so stability is unaffected, unlike some other IAST approaches where crashes of the instrumented application frequently frustrate analysts. Performance slowdown depends on the amount of crypto the application uses but is usually imperceptible during integration tests.
Fast Report Generation
Once you’ve run the application and made a trace, either by running the application’s existing unit or integration tests, or by using the application interactively, getting a crypto audit is as simple as uploading the file to our SaaS platform and clicking on Generate Report. Even for large traces from crypto-intensive applications take only a matter of minutes to analyze.
Self-contained On-premise Install
For enterprise customers, we supply Cryptosense Analyzer on-premise as a package for RHEL or Debian Linux. You can install it on your own VM inside your network. Analyzer is completely self-contained and no external communication is required. Updates to our analysis rules are supplied as updates to the Linux packages.