Here at Cryptosense we’ve recently been working on adding the last few algorithms to our Java Crypto Analyzer to cover 100% of the standard (SunJCE) provider. The last one we treated was the mysterious-sounding DESede Wrap. What exactly does it do, and is it secure?
One task our users often want to perform with application crypto audit reports produced by Cryptosense Analyzer is to export certain results in detail for adding to an issue tracker. We’ve now made this easier by adding stars to instances of our analysis rules. Clicking on a star marks an instance for export. You can then export all the starred instances along with full stacktrace information indicating where in the code the issue comes from.
Starring an instance for inclusion in a later export as text, CSV or PDF.
We’ll be running a new training here at our offices in central Paris in December covering crypto flaws in applications.
Mention crypto flaws to many people and they will think of deprecated algorithms that pose a marginal risk, but crypto bugs in applications can lead directly to things like remote code execution, compromise of credentials and loss of data. We’ll show how this happens and how to avoid it. The training will include some examples of real flaws we’ve found recently using our Analyzer software.
Go to the event page to find the syllabus and how to sign up.