Nowadays cryptographic functions are often embedded into a wide range of modern software. Integrated directly into source code, cryptographic algorithms are usually intended to secure access to the software itself, encrypt stored data, and maintain other security processes within the system. However, during the development cycle attention is often concentrated only on basic software functions, and security questions are frequently forgotten or even ignored. Among the most common reasons for this we can name, for example, lack of time in the development cycle, simple unwillingness to spend time on developing a complex software architecture, and the difficulties associated with prototyping cryptographic attributes.
Our company continuously monitors and examines the state of software security. Recent research has demonstrated that incorrectly embedded cryptographic functions can become a source of new software vulnerabilities. This is also relevant to mobile software, which today often becomes a medium for sensitive data. Yet despite the rapid spread of mobile software, the cryptographic functions it contains are poorly embedded.
The aim of this presentation is to demonstrate different approaches to analyzing whether cryptographic functions are embedded correctly during the software development cycle, and to highlight methods of third-party software audit adapted specifically for corporate information systems.