SECURE CRYPTO, EVERYWHERE.

Cap gemini pitch

Page 1: Cap gemini pitch

SECURE CRYPTO, EVERYWHERE.

Page 2: Cap gemini pitch

Cryptography is the essential technology for the security of the distributed, open IT networks needed for modern business.

ATMs

Payment Terminals

Internet of things

Blockchain

Mobile

Cloud?

Page 3: Cap gemini pitch

Crypto is fragile: a tiny defect can result in complete loss of security and a massive data breach.

Page 4: Cap gemini pitch

83% of crypto bugs are in applications, not in cryptographic library code*

1806 crypto misuse vulnerabilities added to the Mitre CVE database 2013 - 2015

98.3% of crypto flaws cannot be detected by the best performing static analysis tool**

* Lazar et al, Why does Cryptographic software fail? APSys ’14
** 2013 NIST SATE Evaluation

Page 5: Cap gemini pitch

Cryptosense helps enterprise security teams to:

1. Discover crypto use in their IT infrastructure
2. Analyse its security
3. Fix any errors found
4. Automate audit reports
5. Monitor ongoing security

Page 6: Cap gemini pitch

[Diagram: Application, Crypto Library]

1. Tracing
2. Analysis*
3. Remediation*

* Either on-premise or in the cloud as SAAS

Our Analyzer tool works by tracing all calls from an application to its crypto library at run time, then analyzing these with our proprietary algorithms to detect flaws.

Page 7: Cap gemini pitch

Crypto Analysis Report

Risks: Each rule has detailed risk assessment information.

Failed Rules: Click on a rule for more information on risks and to see the instances.

Debug View: Links to stacktraces to identify where in the application the weaknesses are.

Instances: Specific cases of failed rules. Can be shared, dismissed, and starred.

Categories: Easily view rules for each category type.

DEMO

Page 8: Cap gemini pitch

SAST e.g. Fortify, Veracode

What existing tools cover...

...what Cryptosense covers.

Transport protocol configuration

Key management flaws

Insecure credential storage

Application-level protocol attacks

Weak Algorithms and Block Modes

Weak randomness

Bad nonce management

Mis-configured crypto in libraries & frameworks

Insecure interactions

DAST e.g. SSL Labs, Appscan

Poor data-at-rest protection

Page 9: Cap gemini pitch

Try it for yourself: testmycrypto.com

Page 10: Cap gemini pitch

ABOUT

Academic spin-off (2013)

Current clients

» 3 of top 5 European Banks
» 2 SIFIs (Financial Services Infrastructure Providers)
» US and French government agencies

Funding bodies

Prizes

Global Finalist, Future of Finance 2015

Winner

Graham Steel, PhD, CEO & Founder

Page 11: Cap gemini pitch

Founders & Advisors

Graham Steel, CEO: World-renowned applied crypto researcher

Riccardo Focardi, Chief Scientist: Prof at University of Venice in Formal Analysis of Crypto

Philippe Langlois, Advisor: Co-founder of Qualys, CEO and founder of P1 Security

Richard Horne, Advisor: Partner Cyber-Security PWC, Ex Director of Cyber Security at Barclays Bank

Cryptosense is based in Paris where we profit from a talented pool of French-educated engineers.