Cryptosense FAQ 

How does CAP work?

What does CAP consist of?

CAP consists of:

  1. The Analyzer Platform which also hosts the reporting web application, available in SaaS hosted in our cloud or as a completely self-contained virtual machine licensed for use on-premises.
  2. Application Tracer (Java, .Net, OpenSSL)
  3. Network Scanner (TLS, STARTTLS, SSH)
  4. Filesystem Scanner (filesystems & containers)
  5. HSM scanner (PKCS#11)

Results are correlated in the Analyzer platform to provide a comprehensive inventory. All scans and traces are centralized in a CAP server which can be used in SaaS or installed on-premise. 

How does CAP’s Application Tracer work?

CAP’s lightweight application tracer agent sits inside a running application and records all the calls the app makes to its cryptographic libraries. See for more information.

Why does CAP have a filesystem scanner?

It allows us to give you better insights. Plenty of tools scan filesystems for certificates, but only CAP can also trace inside applications to show you which ones are used, and what they are used for.

How does CAP’s HSM Scanner work?

Our adaptive mutation-based fuzzing engine explores the corner-cases of the PKCS#11 standard as implemented in the device under test. The results are passed through more than 100 compliance and vulnerability filters to detect anomalies and weaknesses.

How do I use the data that CAP provides?

CAP has a full GraphQL API allowing easy integration with other tools

Does CAP need access to source code?

No. CAP’s Application Tracer agent sees 100% of calls to crypto libraries in a running application, without needing access to source code.

Get the CAP Datasheet

CAP is a complete cryptography management platform. By combining analysis of cryptography throughout your infrastructure it gives you powerful insight into how you use cryptography with multiple business benefits.