How can I get Cryptosense Analyzer?
What contract options are available?
The Cryptosense Analyzer SaaS edition is available on a monthly or annual, per-application basis. We operate degressive pricing for multiple applications.
What type of support is included?
All packages include operational software support as well as access to Cryptosense’s crypto vulnerability Knowledge Base. Premium and Premium Plus packages also include 24h crypto expertise support via email.
I’m not a crypto expert, will I understand the results?
We provide extensive support and detailed documentation to help you get the most from your analysis. The Cryptosense Knowledge Base is a rich source of detailed information about Symmetric and Asymmetric Algorithms, Padding Modes, Crypto Attacks and Key Management. Request a demo to see a typical Analyzer output.
How often will Cryptosense’s vulnerability database be updated?
We maintain close links to academic institutions, which means that we are able to keep our software up to date with information about the latest vulnerabilities, even before their official publication. Our SaaS customers benefit from live updates. On-premise installations are updated every 3 months.
How secure is the SaaS version?
We have a security policy document that describes in detail the measures we take. In general, we follow best practices for web development, including: making use of up-to-date and well-tested frameworks and libraries; paying attention to source code management and using a modern CI process; taking specific measures around attack vectors such as injection, cross-site scripting and authorisation bypass; and having third parties carry out grey-box pen-tests. Traces are uploaded to the server under TLS encryption (see the appendix for configuration).
Where is it hosted?
The Analyzer is currently hosted on Amazon Web Services, but we can create on-demand instances elsewhere to suit customer compliance requirements (more details on request).
What are the requirements for the VM?
There are no particular requirements for the VM in terms of CPU power, though more powerful instances will produce reports faster. Disk space depends on the number of applications to be tested, since the traces are stored on disk in the on-prem version. Traces can be quite large (e.g. 2-5 GB for large web applications and extensive testing).
Does the VM need to communicate with a server in the cloud?
No, the VM can be run completely internally. On-premise customers receive all updates to the rulebase just like SaaS customers. These updates are made available on our servers in the form of Debian/Red Hat packages every quarter, which on-prem customers can download and apply to their Analyzer VM. No data is ever sent from the Analyzer VM to Cryptosense or elsewhere.
What technologies is the VM based on?
The Analyzer VM runs on Linux, using Python/Flask for the web application and OCaml for the analysis engine. We supply packages for Debian and for Red Hat Linux/CentOS.