Automating Cryptographic Vulnerability Analysis in the CI Toolchain

  • Date 06 Jun 2019

Automating Cryptographic Vulnerability Analysis in the CI Toolchain

06 Jun 2019, 12:45 - 13:15

Talking Tactics

Accidental deployment of vulnerable cryptography can lead to significant data breaches - like the one that led to Uber paying a $200M fine in 2018. So companies in regulated industries are required to test their use of cryptography to standards such as PCI-DSS. But auditing crypto by hand is time-consuming, and error-prone. How can the process be automated to save time and money?

In this talk, we explain how Cryptosense and 3Key Company helped a major international payments operator integrate automated cryptographic security testing into their CI pipeline, leveraging CS Analyzer and its Rest API. We discuss lessons learned along the way and tips for managing such integrations effectively, both at the technical and human level.

Learning Outcomes:

  1. Learn how to add automated cryptographic vulnerability assessment to the CI toolchain
  2. Improve application security by using specialist cryptographic assessment tools 
  3. Best practices for conducting automated cryptography audits
  4. Learn how to demonstrate PCI-DSS compliance at the click of a button 
  5. Save time and money on application security audits



  • Graham Steel




    Graham Steel is founder and CEO of Cryptosense, a Paris-based software company helping companies discover, understand, improve and migrate their...

  • Roman Cinkais



    3Key Company

    After more than ten years working for top international payment providers building up extensive experience in PKI, cryptography and application...

Business Issues covered

  1. What will this session help you to do?
    • Deliver security to drive and enable business growth‎
    • Mitigate the effects of new vulnerabilities and exploits‎




We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies.