Cryptosense

Automated cryptographic security auditing for applications

About Cryptosense

Cryptosense Analyzer is a cryptography audit software solution for analyzing the cryptography use within business applications and identifying any security flaws. Available as a SaaS or on-premise product with annual license subscriptions per application, Cryptosense Analyzer is compatible with Java, OpenSSL and PKCS#11 with .NET API support also coming soon. With modern business apps increasingly using cryptography and cryptographic operations more broadly for password storage and database field encryption etc, the complexity of these developments leaves them vulnerable to cryptography security flaws. Cryptosense Analyzer essentially finds these flaws within apps and infrastructures, before guiding on how they can be fixed, optimizing bug fixing resources and also demonstrating a level of security compliance to all stakeholders.

Cryptosense Analyzer operates around a "crypto cartography" approach to tracing all crypto library calls made by an application, whether from framework components and/or libraries. The software then produces a summary report on all traced operations to highlight weak algorithms, vulnerable passwords, insufficient key lengths and much more. These reports or Cryptosense Maps are beneficial to proving compliance with standards such as FIPS and PCI-DSS, while aiding the planning of any crypto-related changes. Other notable features include over 45 configurable cryptographic rules, pre-configured profiles for testing against NIST / ENISA standards policies, multiple user profile creation, LDAP integration and also the provision of expert technical support for interpreting the software's findings.

Pricing starting from:

N/A

  • Free Version
  • Free Trial
  • Subscription

Top 5 alternatives to Cryptosense

Key benefits of Cryptosense

  • Cryptosense Analyzer is SaaS-based or on-premise auditing software for analyzing the use of cryptography within applications, identifying flaws and suggesting how they can be fixed to improve security.
  • The software supports API's including Java (JCE/JCA/Bouncycastle), OpenSSL (libssl, libcrypto), PKCS#11, with .NET support also in development, to follow.
  • Typical types of flaws findable by Cryptosense include weak cryptographic keys, algorithms, passwords and password-based key derivation, the incorrect choice of parameters, use of randomness etc and more.
  • Support provision includes access to the Cryptosense Knowledge Base with documentation for interpreting the software's analysis, helping those not versed in cryptography to understand the results.
  • Cryptosense boasts a false positive rate of less than 1 per 1000 in the pinpointing of genuine vulnerabilities, with Enterprise package holders permitted to add custom cryptography rules into the software for bespoke detection.
  • Devices

    Business size

    S M L

    Markets

    Australia, Brazil, Canada, China, Germany, France, India, Japan, Mexico, United States

    Supported Languages

    English

    Pricing starting from:

    N/A

    • Free Version
    • Free Trial
    • Subscription

    Top 5 alternatives to Cryptosense

    Images

    Cryptosense Software - Project traces can be uploaded to Cryptosense, NIST or ECRYPT profiles for the purpose of generating reports
    Cryptosense Software - A typical failed summary, detailing an example of 9 rule exceptions identified, flagged and described for further address
    Cryptosense Software - A developer view onto found flaws locates where and when calls are made within the application code, suggesting general remediations for fixing
    Cryptosense Software - Key lengths dialog with slider controls for setting high, medium and low criticality thresholds for symmetric and RSA keys
    Cryptosense Software - Available as a SaaS or on-premise installation, Cryptosense Analyzer automates cryptographic auditing for finding security flaws in Java, OpenSSL and PKCS#11 applications
    View 6 more
    Cryptosense video Cryptosense video Cryptosense Software - Project traces can be uploaded to Cryptosense, NIST or ECRYPT profiles for the purpose of generating reports Cryptosense Software - A typical failed summary, detailing an example of 9 rule exceptions identified, flagged and described for further address Cryptosense Software - A developer view onto found flaws locates where and when calls are made within the application code, suggesting general remediations for fixing Cryptosense Software - Key lengths dialog with slider controls for setting high, medium and low criticality thresholds for symmetric and RSA keys Cryptosense Software - Available as a SaaS or on-premise installation, Cryptosense Analyzer automates cryptographic auditing for finding security flaws in Java, OpenSSL and PKCS#11 applications

    Features

    Total features of Cryptosense: 13

    • API
    • Access Controls/Permissions
    • Active Directory Integration
    • Activity Monitoring
    • Audit Management
    • Compliance Management
    • Intrusion Detection System
    • Password Management
    • Reporting & Statistics
    • Security Auditing
    • Summary Reports
    • User Management
    • Vulnerability Scanning

    Alternatives

    CloudAware

    4,5
    #1 Alternative to Cryptosense
    CloudAware is a cloud management platform designed to help enterprise IT teams deploy and manage applications across...

    Syxsense

    4,6
    #2 Alternative to Cryptosense
    Syxsense is an endpoint security software designed to help SecOps departments, managed service providers (MSPs), and IT...

    TOPIA

    4,9
    #3 Alternative to Cryptosense
    Efficiently Reduce Organizational Security Risk with TOPIA's leading vulnerability management platform that provides an...

    Wallarm WAF

    4,7
    #4 Alternative to Cryptosense
    Wallarm is a cloud-based application security suite designed to help organizations automate protection and security...

    Reviews

    Overall rating

    5 /5
    (1)
    Value for Money
    4/5
    Features
    4/5
    Ease of Use
    4/5
    Customer Support
    5/5

    Already have Cryptosense?

    Software buyers need your help! Product reviews help the rest of us make great decisions.

    Write a Review!
    Showing 1 review
    Krzysztof F.
    Overall rating
    • Industry: Information Technology & Services
    • Company size: 1 001-5 000 Employees
    • Used for Free Trial
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 8.0 /10

    Cryptosense scanning

    Reviewed on 2018/08/08

    We have used the Cryptosense analyzer to assess the strength of our cryptography which we use in...

    We have used the Cryptosense analyzer to assess the strength of our cryptography which we use in the product

    Pros

    - Very accurate findings
    - The recommendations are straightforward and cannot be misinterpreted. In some cases they are very useful to evaluate the real impact on the software
    - This type of scanning allows to catch all types of cryptography calls in JVM, not only the one that originate directly from the application, but also that are triggered indirectly by a middleware
    - Low ration of false positives

    Cons

    - The size of the traces for products that do a lot of cryptography calls can be problematic, it can be too big for producing the report (this was however quickly resolved by excellent support)
    - There was no direct support for Cloud vendors solutions around key management (e.g. AWS KMS), however some of the Cloud services uses standard Java Cryptography API and hence we would able to identified some findings and the Cryptosense team is working to add this type of support

    Cryptosense FAQs

    Below are some frequently asked questions for Cryptosense.

    Cryptosense offers the following pricing plans:

    • Starting from:
    • Pricing model: Subscription
    • Free Trial: Available

    14-day trial available. Standard = $595 per month, per app ($795 per month if paid annually) Preimium = $1195 per month, per app ($1595 per month if paid annually) Premium+ = $1495 per month, per app ($1949 per month if paid annually) Enterprise = Quote available on request

    Cryptosense has the following typical customers:

    201-500, 501-1 000, 1 001+

    Cryptosense supports the following languages:

    English

    Cryptosense supports the following devices:

    We do not have any information about what integrations Cryptosense has

    Cryptosense offers the following support options:

    Email/Help Desk, Knowledge Base, Phone Support

    Related categories

    See all software categories found for Cryptosense.