Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Cryptosense Analyzer Data Sheet

    Încărcat de

    Richard Henderson
    113 vizualizări2 pagini
    All about Cryptosense's cryptographic analyzer for Java.

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    All about Cryptosense's cryptographic analyzer for Java.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    113 vizualizări2 pagini

    Cryptosense Analyzer Data Sheet

    Încărcat de

    Richard Henderson
    All about Cryptosense's cryptographic analyzer for Java.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 2

    Cryptosense Data Sheet

    Cryptosense Analyzer
    Cryptosense Analyzer helps developers, application security teams and pen testers
    quickly identify hard to find cryptographic security flaws in applications.

    Vulnerability Types found by Cryptosense Analyzer


    Cryptographic Usage Errors Key-Management Flaws Algorithm and Key-Length Weaknesses
    Cryptosense Analyzer treats all the Thanks to our vulnerability research on Cryptosense Analyzer detects the use of
    crypto operations carried out by the common APIs Cryptosense Analyzer can weak ciphers, hash functions, MACs and
    application under test, allowing detection precisely evaluate the security of keys signature modes as well as short keys.
    of insecure combinations of operations, protected by software keystores as well Key length and algorithm policy can be
    encryption susceptible to padding oracle as spot other common key-management customized by the user
    attacks, reuse of one-time values, unsafe errors such as weak encryption
    parameters, and more. passwords.

    About our Analysis Rules


    Explanation of Risk Remediation Information Always up-to-date
    For each finding, we explain in detail the In addition to risk assessment information, Our rules are derived from academic
    level of risk in terms of the consequences we provide instructions on how the results in applied cryptography research,
    of the attack, the level of expertise problem can be resolved, whether by standards, hacking conferences, public
    required to mount it, and the computing code changes, a library update or changes vulnerabilities, and our own vulnerability
    resources required. This allows an to configuration files. We continually research. Thanks to close links to the
    accurate risk assessment on the basis update our remediation results to take community and ongoing collaborations
    of the threat scenario pertinent to the into account the complex maze of with top academic groups we keep our
    application under test. configuration files and dependencies in rules up to date with latest advances in
    modern application frameworks. cryptanalytic attacks.
    1/2 Cryptosense Data Sheet - Cryptosense Analyzer
    Technical Specifications Tracer Facts
    Cryptosense Analyzer supports a variety of cryptographic APIs • The tracer agents record the trace of calls in a file, which
    and application environments. More are being added continually. is compressed on the fly, and can be inspected by the
    Cryptosense Analyzer consists of: user. There is no need for the agent to have a network
    connection to the analysis platform at the time the
    1. The analysis platform which also hosts the reporting application under test is run. The trace can be uploaded
    web application, available in SaaS hosted in our cloud to the analysis platform later.
    or as virtual machine licensed for use on-premises.
    • The trace contains calls to the cryptographic library
    The Analyzer web application works with all modern
    including all their parameters and stack-traces to allow
    browsers, including Chrome (v55+), Firefox (v50+),
    vulnerabilities to be pinpointed in source code.
    Internet Explorer (11+).
    • Traces can be obtained by leveraging existing test suites
    2. A number of Tracers, which are used locally in the
    such as integration tests.
    environment of the application under test to trace calls
    • Cryptosense supplies scripts for measuring a trace's
    from the application to its cryptographic library at run-
    coverage of crypto calls in the code.
    time.

    Cryptosense Analyzer
    Tracer Compatibility Cryptographic Interface Framework Compatibility
    Java
    Oracle Hotspot JVM Java JCA (any provider such as Oracle JCE, All major application frameworks including:
    OpenJDK, etc. version 1.6, 1.7, 1.8 Bouncycastle, IBM JCE, etc.). WebLogic
    Bouncycastle native interface is also Websphere
    supported. Jboss/WildFly
    Tomcat, etc.
    OpenSSL*
    Lightweight LD_PRELOAD extension, Traces libssl and libcrypto (EVP interface).
    compatible OpenSSL 1.0.x and 1.1.x

    Coming soon: Microsoft .NET, python, ruby, go, and more...

    *OpenSSL currently in private beta - contact us to take part in beta programme.

    For More Information Cryptosense SA France Sales: +33 (0)9 72 42 35 31


    www.cryptosense.com 19 Boulevard Poissonière International Sales: +1 646-893-7657
    info@cryptosense.com Paris 75002, France sales@cryptosense.com

    © 2017 Cryptosense, SA. All rights reserved. Cryptosense and the Cryptosense logo are
    trademarks or registered trademarks of Cryptosense SA in the U.S. and other countries.
    All other company and product names are the property of their respective owners.

    2/2 Cryptosense Data Sheet - Cryptosense Analyzer

    S-ar putea să vă placă și