February 25, 2016

Cryptosense at RSA 2016

Cryptosense will be at the RSA Conference in San Francisco February 29-March 4. We’ll have a stand on the PKCS#11 booth (South Expo #821) where we’ll be running demos of our Security Tools. Find out how we detect vulnerabilities in PKCS#11 HSM configurations with our smart fuzzing tools and then apply them to the keys your application uses to check their security in the event of a breach.

We’ll also run demos of our Java Crypto Analyzer and we’ll have a special announcement about our Crypto Service Discovery tool on March 1st. To schedule a private meeting, get in touch.

 

Try Cryptosense Analyzer for Free

October 8, 2014

Rethinking PKCS#11 Compliance

Some standards come with compliance criteria built in – you can’t say you’ve implemented the standard until your code can pass the tests. With PKCS#11, a 407-page standard specifying the most widely used API in cryptographic hardware, there are no such tests. So how can a would-be PKCS#11 user discriminate between a good implementation of the API and a bad one? And how can a manufacturer find compliance bugs and then demonstrate the quality of their product?

Continue reading

July 21, 2014

Well-Typed Smart API Fuzzing

Since I joined Cryptosense in March, I’ve been working on a new implementation of the testing framework that we use to reverse-engineer cryptographic APIs. Last Friday, I gave a talk at the 7th Analysis of Security APIs workshop in Vienna where I explained some of the main ideas of this work. Here’s a high-level summary of my presentation.

When I arrived at Cryptosense I could see there had already been a huge investment in advancing the state of the art in automatic analysis of an API such as PKCS#11. The challenge was to generalise this tool to be able to test other crypto APIs in a scalable way, without reproducing all the effort.

Continue reading