Cryptosense Bewertungen

von Cryptosense

Cryptosense scanning

Bewertet am 8.8.2018
Krzysztof F.
Cloud Solution Architect
Informationstechnologie & -dienste, 1.001-5.000 Mitarbeiter
Verwendete die Software für: Kostenlose Testversion
Quelle des Nutzers 
Eigenschaften & Funktionalitäten
Wahrscheinlichkeit der Weiterempfehlung:
Unwahrscheinlich Äußerst wahrscheinlich

Kommentare: We have used the Cryptosense analyzer to assess the strength of our cryptography which we use in the product

Vorteile: - Very accurate findings
- The recommendations are straightforward and cannot be misinterpreted. In some cases they are very useful to evaluate the real impact on the software
- This type of scanning allows to catch all types of cryptography calls in JVM, not only the one that originate directly from the application, but also that are triggered indirectly by a middleware
- Low ration of false positives

Nachteile: - The size of the traces for products that do a lot of cryptography calls can be problematic, it can be too big for producing the report (this was however quickly resolved by excellent support)
- There was no direct support for Cloud vendors solutions around key management (e.g. AWS KMS), however some of the Cloud services uses standard Java Cryptography API and hence we would able to identified some findings and the Cryptosense team is working to add this type of support