We’re delighted to announce a new partnership with Unbound Tech. Their Distributed Trust Platform is the first pure-software solution that protects secrets such as cryptographic keys, credentials or other private data by ensuring they never exist anywhere in complete form. As such it’s an interesting target for our customers using Cryptosense Analyzer Platform to migrate their applications to cloud crypto services.
Continue reading →
A recent success story for Cryptosense is our roll-out with a large global player in the ATM (cash machine) network.
Since this firm is considered a Service Provider in the PCI regulations, they have regular audits to pass which contain a lot of requirements on cryptography: full cartography of applications, compliance with NIST standards etc.
This used to take our customer a lot of time and resources, but since our Analyzer platform doesn’t just report cryptographic issues but correct, compliant use of cryptography, it’s the ideal tool to take over this job and free up resources for more productive tasks. The reports produced by the Analyzer are produced automatically thanks to our integration with Maven in CI, and contain coverage information to validate the testing. We worked with 3key Company to deliver the install.
Read more about this case study here (1 page PDF).
Over the last few months we’ve updated our popular whitepapers.
We always appreciate feedback and suggestions on our whitepapers, please don’t hesitate to get in touch.
I was the guest on the francophone infosec podcast NoLimitSecu this week, talking about TLS v1.3: why it’s important, how it’s different from previous versions of the protocol, and what real differences to security the new cryptographic design will make. Check it out and see if my French accent has improved.
Thanks to the regular podcasters for the warm welcome and the searching questions: Christophe Renard, Nicolas Ruff, Johanne Ulloa, Marc-Frederic Gomez, and Vladimir Kolla.
Our comparison of cloud crypto services is one of the most popular pages on our site, so we’re making an effort to keep it up to date as the “big three” providers announce new features. The latest update includes faster KMS speeds recently announced by Amazon, the PKCS#12 method for Bring-your-own-key that’s supported by Microsoft Azure (but not so easy to find details of), and the Google KMS support for asymmetric keys.
The latest version of the infographic is below. If you’re interested in integrating your application with cloud crypto services or cloud HSMs, you might want to check out our new cloud crypto whitepaper, where we compare in detail these services and various migration approaches.
Cryptosense is delighted to announce that we have received funding from BPI France (the Banque Publique d’Investissement) for an exciting new project.
After a competitive selection process, our project was one of 68 selected for funding from a pool of 252 entrants to the 7th edition of BPI France’s Digital Innovation Competition.
Cryptosense will be exhibiting at the RSA conference in San Francisco this year. We’ll at booth #2 in the Early Stage Expo along with 39 other security startups.
We’ll be running a new training here at our offices in central Paris in December covering crypto flaws in applications.
Mention crypto flaws to many people and they will think of deprecated algorithms that pose a marginal risk, but crypto bugs in applications can lead directly to things like remote code execution, compromise of credentials and loss of data. We’ll show how this happens and how to avoid it. The training will include some examples of real flaws we’ve found recently using our Analyzer software.
Go to the event page to find the syllabus and how to sign up.
PrimeKey Solutions develops and supports the most downloaded open source enterprise public-key infrastructure (PKI) software available, EJBCA. You can find out why they use Cryptosense Analyzer for Java in a case study we’re releasing today.
We already use a variety of tools to ensure software quality, but we see security as an area of continuous improvement, and Cryptosense tools give us a cryptography-focused view that other tools can’t provide. A strong statement in itself, given the fact that PrimeKey’s teams of engineers work day in and day out with cryptography.
Tomas Gustavsson, CTO PrimeKey
We’re delighted to announce we’re the winners of this year’s “Prix De l’Innovation”, a security start-up prize awarded by Le Cercle, an association of French CISOs and consultants.
Prix de l'#Innovation 2016 Le gagnant est… @cryptosense ! Félicitations et rendez-vous en octobre @Les_Assises pic.twitter.com/cSVOX4T3ej
— Le Cercle (@Le_Cercle) June 24, 2016
We were shortlisted on the basis our our written submission, then took part in the pitch competition last Thursday evening in Paris. The prize is a booth at the annual “Assises de la Sécurité” show in Monaco in October, France’s largest security trade show and conference.
If you’re coming too, let us know, we would be delighted to give you a personal demo of our tools for finding and fixing weaknesses in cryptography use by applications and infrastructure.
