June 20, 2019

Cryptosense Automates PCI-DSS Cryptography Audit for a World-Leading Financial Services Firm

A recent success story for Cryptosense is our roll-out with a large global player in the ATM (cash machine) network.

Since this firm is considered a Service Provider in the PCI regulations, they have regular audits to pass which contain a lot of requirements on cryptography: full cartography of applications, compliance with NIST standards etc.

This used to take our customer a lot of time and resources, but since our Analyzer platform doesn’t just report cryptographic issues but correct, compliant use of cryptography, it’s the ideal tool to take over this job and free up resources for more productive tasks. The reports produced by the Analyzer are produced automatically thanks to our integration with Maven in CI, and contain coverage information to validate the testing. We worked with 3key Company to deliver the install.

Read more about this case study here (1 page PDF).

November 13, 2018

Cryptosense on the NoLimitSecu Podcast

I was the guest on the francophone infosec podcast NoLimitSecu this week, talking about TLS v1.3: why it’s important, how it’s different from previous versions of the protocol, and what real differences to security the new cryptographic design will make. Check it out and see if my French accent has improved.

Thanks to the regular podcasters for the warm welcome and the searching questions: Christophe Renard, Nicolas Ruff, Johanne Ulloa, Marc-Frederic Gomez, and Vladimir Kolla.

September 28, 2018

Updating our Cloud Crypto Provider Comparison

Our comparison of cloud crypto services is one of the most popular pages on our site, so we’re making an effort to keep it up to date as the “big three” providers announce new features. The latest update includes faster KMS speeds recently announced by Amazon, the PKCS#12 method for Bring-your-own-key that’s supported by Microsoft Azure (but not so easy to find details of), and the Google KMS support for asymmetric keys.

The latest version of the infographic is below. If you’re interested in integrating your application with cloud crypto services or cloud HSMs, you might want to check out our new cloud crypto whitepaper, where we compare in detail these services and various migration approaches.

February 6, 2018

Cryptosense a Winner in the BPI Innovation Competition

Cryptosense is delighted to announce that we have received funding from BPI France (the Banque Publique d’Investissement) for an exciting new project.

After a competitive selection process, our project was one of 68 selected for funding from a pool of 252 entrants to the 7th edition of BPI France’s Digital Innovation Competition.

Continue reading →

October 14, 2016

Crypto Risk Training in Paris, 5th December

We’ll be running a new training here at our offices in central Paris in December covering crypto flaws in applications.

Mention crypto flaws to many people and they will think of deprecated algorithms that pose a marginal risk, but crypto bugs in applications can lead directly to things like remote code execution, compromise of credentials and loss of data. We’ll show how this happens and how to avoid it. The training will include some examples of real flaws we’ve found recently using our Analyzer software.

Go to the event page to find the syllabus and how to sign up.

Try Cryptosense Analyzer for Free

October 3, 2016

Cryptosense Java Analyzer – Case Study with Primekey

PrimeKey Solutions develops and supports the most downloaded open source enterprise public-key infrastructure (PKI) software available, EJBCA. You can find out why they use Cryptosense Analyzer for Java in a case study we’re releasing today.

We already use a variety of tools to ensure software quality, but we see security as an area of continuous improvement, and Cryptosense tools give us a cryptography-focused view that other tools can’t provide. A strong statement in itself, given the fact that PrimeKey’s teams of engineers work day in and day out with cryptography.

Tomas Gustavsson, CTO PrimeKey

PrimeKey Case Study

Try Cryptosense Analyzer for Free

June 24, 2016

Cryptosense Wins the “Assises de La Sécurité” Startup Prize 2016

We’re delighted to announce we’re the winners of this year’s “Prix De l’Innovation”, a security start-up prize awarded by Le Cercle, an association of French CISOs and consultants.

Prix de l'#Innovation 2016 Le gagnant est… @cryptosense ! Félicitations et rendez-vous en octobre @Les_Assises pic.twitter.com/cSVOX4T3ej
— Le Cercle (@Le_Cercle) June 24, 2016

We were shortlisted on the basis our our written submission, then took part in the pitch competition last Thursday evening in Paris. The prize is a booth at the annual “Assises de la Sécurité” show in Monaco in October, France’s largest security trade show and conference.

If you’re coming too, let us know, we would be delighted to give you a personal demo of our tools for finding and fixing weaknesses in cryptography use by applications and infrastructure.

Get a 14-day Cryptosense Analyzer Trial

October 16, 2015

The UBS Future of Finance Challenge

Cryptosense has been selected as a regional finalist in the UBS Future of Finance Challenge. Our entry was chosen from amongst 600 entries to take part in the regional final in London in November. The Challenge is a global competition to find entrepreneurs, start-ups or growing companies that could change the way finance works and how banks meet their client’s needs.

You can read more about the UBS Future of Finance Challenge here.

Update

We were one of the three winners of the London final.

October 8, 2014

Rethinking PKCS#11 Compliance

Some standards come with compliance criteria built in – you can’t say you’ve implemented the standard until your code can pass the tests. With PKCS#11, a 407-page standard specifying the most widely used API in cryptographic hardware, there are no such tests. So how can a would-be PKCS#11 user discriminate between a good implementation of the API and a bad one? And how can a manufacturer find compliance bugs and then demonstrate the quality of their product?

Continue reading →