Cryptosense develops software that allows our customers to find security flaws in the cryptography used by their applications and network services.
Between 2013 and 2015 more than 10% of the security flaws registered in the CVE database were linked to cryptography. Of these, 83% were not in the crypto libraries but coming from the way the applications call the libraries. Cryptosense's software allows businesses to detect and remediate those flaws. Empowered by proprietary algorithms our Analyser has reviewed 8 millions calls in the last two months resulting in the detection of 17 000 vulnerable operations.
Cryptosense offers the first software solution that automates crypto audits throughout the application development life cycle. We’ve developed a new analysis technique: a tracing agent is attached to the application to be tested and records all calls made by the application to crypto libraries. Compared to classic static analysis, we don't need to access the source code or the binary and we cover a much broader scope of crypto vulnerabilities with a much lower false-positive rate.
Unlike existing software Cryptosense offers precise analysis with full crypto coverage, in a fast automated software tool that can be deployed throughout the development cycle from prototype to production. Not only do we list weak algorithms and incorrect configurations or block modes but we also identify practices that can ruin the crypto robustness in an application, like bad nonce management , weak randomness, key management. That makes us the first company to automate cryptographic audit