Cryptosense

5.0 (1)
Write a Review!
Automated cryptographic security auditing for applications

About Cryptosense

Cryptosense Analyzer is a cryptography audit software solution for analyzing the cryptography use within business applications and identifying any security flaws. Available as a SaaS or on-premise product with annual license subscriptions per application, Cryptosense Analyzer is compatible with Java, OpenSSL and PKCS#11 with .NET API support also coming soon. With modern business apps increasingly using cryptography and cryptographic operations more broadly for password storage and database field encryption etc, the complexity of these developments leaves them vulnerable to cryptography security flaws. Cryptosense Analyzer essentially finds these flaws within apps and infrastructures, before guiding on how they can be fixed, optimizing bug fixing resources and also demonstrating a level of security compliance to all stakeholders.

Cryptosense Analyzer operates around a "crypto cartography" approach to tracing all crypto library calls made by an application, whether from framework components and/or libraries. The software then produces a summary report on all traced operations to highlight weak algorithms, vulnerable passwords, insufficient key lengths and much more. These reports or Cryptosense Maps are beneficial to proving compliance with standards such as FIPS and PCI-DSS, while aiding the planning of any crypto-related changes. Other notable features include over 45 configurable cryptographic rules, pre-configured profiles for testing against NIST / ENISA standards policies, multiple user profile creation, LDAP integration and also the provision of expert technical support for interpreting the software's findings.


Key benefits of Cryptosense

  • Cryptosense Analyzer is SaaS-based or on-premise auditing software for analyzing the use of cryptography within applications, identifying flaws and suggesting how they can be fixed to improve security.
  • The software supports API's including Java (JCE/JCA/Bouncycastle), OpenSSL (libssl, libcrypto), PKCS#11, with .NET support also in development, to follow.
  • Typical types of flaws findable by Cryptosense include weak cryptographic keys, algorithms, passwords and password-based key derivation, the incorrect choice of parameters, use of randomness etc and more.
  • Support provision includes access to the Cryptosense Knowledge Base with documentation for interpreting the software's analysis, helping those not versed in cryptography to understand the results.
  • Cryptosense boasts a false positive rate of less than 1 per 1000 in the pinpointing of genuine vulnerabilities, with Enterprise package holders permitted to add custom cryptography rules into the software for bespoke detection.

  • Images

    Cryptosense Software - Project traces can be uploaded to Cryptosense, NIST or ECRYPT profiles for the purpose of generating reports
    Cryptosense Software - A typical failed summary, detailing an example of 9 rule exceptions identified, flagged and described for further address
    Cryptosense Software - A developer view onto found flaws locates where and when calls are made within the application code, suggesting general remediations for fixing
    Cryptosense Software - Key lengths dialog with slider controls for setting high, medium and low criticality thresholds for symmetric and RSA keys
    Cryptosense Software - Available as a SaaS or on-premise installation, Cryptosense Analyzer automates cryptographic auditing for finding security flaws in Java, OpenSSL and PKCS#11 applications
    View 7 more
    Cryptosense video
    Cryptosense video
    Cryptosense Software - Project traces can be uploaded to Cryptosense, NIST or ECRYPT profiles for the purpose of generating reports
    Cryptosense Software - A typical failed summary, detailing an example of 9 rule exceptions identified, flagged and described for further address
    Cryptosense Software - A developer view onto found flaws locates where and when calls are made within the application code, suggesting general remediations for fixing
    Cryptosense Software - Key lengths dialog with slider controls for setting high, medium and low criticality thresholds for symmetric and RSA keys
    Cryptosense Software - Available as a SaaS or on-premise installation, Cryptosense Analyzer automates cryptographic auditing for finding security flaws in Java, OpenSSL and PKCS#11 applications

    Not sure about Cryptosense? Compare with a popular alternative

    Cryptosense

    5 (1)
    VS.
    Highly reviewed

    Starting Price

    US$595.00
    month
    £5.00
    year

    Pricing Options

    Free version
    Free trial
    Free version
    Free trial

    Features

    11
    80

    Integrations

    No integrations found
    No integrations found

    Ease of Use

    4.0 (1)
    4.8 (47)

    Value for Money

    4.0 (1)
    4.9 (47)

    Customer Service

    5.0 (1)
    4.9 (47)
    Green rating bars show the winning product based on the average rating and number of reviews.

    Alternatives

    Libraesva Email Security

    4.9
    #1 Alternative to Cryptosense
    Libraesva Email Security stops known and emerging email threats from reaching their target, so you only receive...

    Push Security

    5
    #2 Alternative to Cryptosense
    Push is a browser-based identity security solution.

    Haltdos

    2
    #3 Alternative to Cryptosense
    Haltdos is a DDoS mitigation solution for online businesses to defend against a wide range of DDoS attacks to minimize...

    Trend Micro Cloud One

    0
    #4 Alternative to Cryptosense
    Trend Micro Cloud One is cloud and cybersecurity software that helps businesses manage security policies, detect...

    Reviews

    Overall rating

    5 /5
    (1)
    Value for Money
    4/5
    Features
    4/5
    Ease of Use
    4/5
    Customer Support
    5/5

    Already have Cryptosense?

    Software buyers need your help! Product reviews help the rest of us make great decisions.

    Showing 1 review
    Krzysztof
    Overall rating
    • Industry: Information Technology & Services
    • Company size: 1,001–5,000 Employees
    • Used for Free Trial
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 8.0 /10

    Cryptosense scanning

    Reviewed on 08/08/2018

    We have used the Cryptosense analyzer to assess the strength of our cryptography which we use in...

    We have used the Cryptosense analyzer to assess the strength of our cryptography which we use in the product

    Pros

    - Very accurate findings
    - The recommendations are straightforward and cannot be misinterpreted. In some cases they are very useful to evaluate the real impact on the software
    - This type of scanning allows to catch all types of cryptography calls in JVM, not only the one that originate directly from the application, but also that are triggered indirectly by a middleware
    - Low ration of false positives

    Cons

    - The size of the traces for products that do a lot of cryptography calls can be problematic, it can be too big for producing the report (this was however quickly resolved by excellent support)
    - There was no direct support for Cloud vendors solutions around key management (e.g. AWS KMS), however some of the Cloud services uses standard Java Cryptography API and hence we would able to identified some findings and the Cryptosense team is working to add this type of support

    Cryptosense FAQs

    Below are some frequently asked questions for Cryptosense.

    Cryptosense offers the following pricing plans:

    • Starting from: US$595.00/month
    • Pricing model: Subscription
    • Free Trial: Available

    14-day trial available. Standard = $595 per month, per app ($795 per month if paid annually) Preimium = $1195 per month, per app ($1595 per month if paid annually) Premium+ = $1495 per month, per app ($1949 per month if paid annually) Enterprise = Quote available on request

    Cryptosense has the following typical customers:

    201–500, 501–1,000, 1,001–5,000

    Cryptosense supports the following languages:

    English

    Cryptosense supports the following devices:

    We do not have any information about what integrations Cryptosense has

    Cryptosense offers the following support options:

    Email/Help Desk, Knowledge Base, Phone Support

    Related categories

    See all software categories found for Cryptosense.