CogniCrypt

An intelligent open-source platform ensuring the secure usage of crypto components

A central goal of CROSSING is to collaboratively develop CogniCrypt, an intelligent open-source platform for hosting cryptographic components (developed in the CROSSING projects or outside of CROSSING) that actively assists application developers in selecting and correctly integrating its components into applications.

A large number of recent studies have shown that most software applications that use cryptographic procedures misuse them. The VeraCode Report State of the Software Security v11 (2020) lists the insecure use of cryptography as the third most common cause of software vulnerabilities, right after information leakage and CRLF injection.

CogniCrypt allows developers to quickly identify and fix security-critical misuses of cryptographic libraries. Application developers can also use it to learn about which cryptographic components to use in which combination, in order to achieve high-level security guarantees for a system they desire to build, eventually under constraints, like not requiring special hardware components (chipcards, etc.) for authentication in low-cost scenarios. CogniCrypt also assists application developers in instantiating the architecture and validates the correct integration of all components in this instantiation by validating the correct usage of the components’ application interfaces. We envision CogniCrypt to also support cryptographers that use the platform to host their cryptographic components.

The plugin Eclipse CogniCrypt ships in two main components: A wizard for code generation that supports a developer in generating secure code for common cryptographic tasks and a static code analysis that continuously checks the (generated and non-generated) code of the developer directly within Eclipse.

Learn more at www.cognicrypt.com

CogniCrypt is an official Eclipse project since December 2017.

CogniCrypt Explainer Video

Error: Loading of resource has failed

Go to original web page

CogniCrypt Explainer Video: Cryptographic Misuse Detection with CrySL

Error: Loading of resource has failed

Go to original web page

CogniCrypt Tutorial Videos

Error: Loading of resource has failed

Go to original web page

Click on the upper left corner to choose one of the videos of the playlist.