November 5, 2019

Partnership with Unbound Tech

We’re delighted to announce a new partnership with Unbound Tech. Their Distributed Trust Platform is the first pure-software solution that protects secrets such as cryptographic keys, credentials or other private data by ensuring they never exist anywhere in complete form. As such it’s an interesting target for our customers using Cryptosense Analyzer Platform to migrate their applications to cloud crypto services.

Through this partnership, Unbound Tech will utilize the Cryptosense PKCS#11 Fuzzer, a mutation-based fuzzing engine, to test the Unbound Key Control (UKC) and Crypto-of-Things (COT) PKCS#11 implementations. By sending commands to a device’s PKCS#11 interface and logging the responses, the Cryptosense Fuzzer will test traces of exchanges between an application and a cryptographic library to ensure these virtual appliances are properly secured in the event of a PKCS#11 API attack.

“With Cryptosense’s stamp of approval, our clients can now feel more confident in adopting this approach to securing their sensitive information.”
– Guy Peer, Co-founder at Unbound Tech.

As well as testing PKCS#11 implementations, Cryptosense Analyzer Platform is the only tool on the market that provides everything you need for a secure and simple migration to cloud crypto services from start to finish. Our software looks inside a running application to see what cryptography is really being used, tests the use of the cloud crypto service to check for vulnerabilities and monitors the security of the migrated application in the cloud. By partnering with Unbound, we’re able to reassure our customers of the continued security of their Virtual HSM and the applications that use it.

Read the full press release here.

Find out more about Unbound Tech here.

CAP Unbound partnership

June 20, 2019

Cryptosense Automates PCI-DSS Cryptography Audit for a World-Leading Financial Services Firm

A recent success story for Cryptosense is our roll-out with a large global player in the ATM (cash machine) network.

Since this firm is considered a Service Provider in the PCI regulations, they have regular audits to pass which contain a lot of requirements on cryptography: full cartography of applications, compliance with NIST standards etc.

This used to take our customer a lot of time and resources, but since our Analyzer platform doesn’t just report cryptographic issues but correct, compliant use of cryptography, it’s the ideal tool to take over this job and free up resources for more productive tasks. The reports produced by the Analyzer are produced automatically thanks to our integration with Maven in CI, and contain coverage information to validate the testing. We worked with 3key Company to deliver the install.

Read more about this case study here (1 page PDF).

November 15, 2018

Whitepaper Updates

Over the last few months we’ve updated our popular whitepapers.

The Cloud Cryptography Migration whitepaper now covers the latest crypto features released by the big three cloud service providers (AWS, GCP and Azure).
The Java crypto Security Whitepaper has been updated to take into account the changes Oracle made to the Java keystores after our vulnerability research work last year as well as several other smaller updates.
Finally the PKCS#11 security whitepaper has been updated to reflect more closely how we’ve seen HSM users consider the security of these devices.

We always appreciate feedback and suggestions on our whitepapers, please don’t hesitate to get in touch.

November 13, 2018

Cryptosense on the NoLimitSecu Podcast

I was the guest on the francophone infosec podcast NoLimitSecu this week, talking about TLS v1.3: why it’s important, how it’s different from previous versions of the protocol, and what real differences to security the new cryptographic design will make. Check it out and see if my French accent has improved.

Thanks to the regular podcasters for the warm welcome and the searching questions: Christophe Renard, Nicolas Ruff, Johanne Ulloa, Marc-Frederic Gomez, and Vladimir Kolla.

February 6, 2018

Cryptosense a Winner in the BPI Innovation Competition

Cryptosense is delighted to announce that we have received funding from BPI France (the Banque Publique d’Investissement) for an exciting new project.

After a competitive selection process, our project was one of 68 selected for funding from a pool of 252 entrants to the 7th edition of BPI France’s Digital Innovation Competition.

Continue reading →

January 11, 2017

Cryptosense at RSA 2017

Cryptosense will be exhibiting at the RSA conference in San Francisco this year. We’ll at booth #2 in the Early Stage Expo along with 39 other security startups.

Continue reading →

October 14, 2016

Crypto Risk Training in Paris, 5th December

We’ll be running a new training here at our offices in central Paris in December covering crypto flaws in applications.

Mention crypto flaws to many people and they will think of deprecated algorithms that pose a marginal risk, but crypto bugs in applications can lead directly to things like remote code execution, compromise of credentials and loss of data. We’ll show how this happens and how to avoid it. The training will include some examples of real flaws we’ve found recently using our Analyzer software.

Go to the event page to find the syllabus and how to sign up.

Try Cryptosense Analyzer for Free

October 3, 2016

Cryptosense Java Analyzer – Case Study with Primekey

PrimeKey Solutions develops and supports the most downloaded open source enterprise public-key infrastructure (PKI) software available, EJBCA. You can find out why they use Cryptosense Analyzer for Java in a case study we’re releasing today.

We already use a variety of tools to ensure software quality, but we see security as an area of continuous improvement, and Cryptosense tools give us a cryptography-focused view that other tools can’t provide. A strong statement in itself, given the fact that PrimeKey’s teams of engineers work day in and day out with cryptography.

Tomas Gustavsson, CTO PrimeKey

PrimeKey Case Study

Try Cryptosense Analyzer for Free

June 24, 2016

Cryptosense Wins the “Assises de La Sécurité” Startup Prize 2016

We’re delighted to announce we’re the winners of this year’s “Prix De l’Innovation”, a security start-up prize awarded by Le Cercle, an association of French CISOs and consultants.

Prix de l'#Innovation 2016 Le gagnant est… @cryptosense ! Félicitations et rendez-vous en octobre @Les_Assises pic.twitter.com/cSVOX4T3ej
— Le Cercle (@Le_Cercle) June 24, 2016

We were shortlisted on the basis our our written submission, then took part in the pitch competition last Thursday evening in Paris. The prize is a booth at the annual “Assises de la Sécurité” show in Monaco in October, France’s largest security trade show and conference.

If you’re coming too, let us know, we would be delighted to give you a personal demo of our tools for finding and fixing weaknesses in cryptography use by applications and infrastructure.

Get a 14-day Cryptosense Analyzer Trial