A large number of recent studies have shown that most software applications that use cryptographic procedures misuse them. The VeraCode report State of the Software Security v11 (2020) lists the insecure use of cryptography as the third most common cause of software vulnerabilities, right after information leakage and CRLF injection.
CogniCrypt allows developers to quickly identify and fix security-critical misuses of cryptographic libraries. Application developers can also use it to learn which cryptographic components to use, and in which combination, to achieve high-level security guarantees for the system they want to build, potentially under constraints such as not requiring special hardware components (chipcards, etc.) for authentication in low-cost scenarios. CogniCrypt also assists application developers in instantiating the architecture, and it validates the correct integration of all components in this instantiation by checking that the components' application interfaces are used correctly. We envision CogniCrypt also supporting cryptographers who use the platform to host their cryptographic components.
The Eclipse plugin CogniCrypt ships with two main components: a wizard for code generation, which supports developers in generating secure code for common cryptographic tasks, and a static code analysis that continuously checks the developer's code (generated and non-generated) directly within Eclipse.
[Video: CogniCrypt Explainer Video: Cryptographic Misuse Detection with CrySL]
[Video playlist: CogniCrypt Tutorial Videos]