Detecting security vulnerabilities in existing applications is a hard task. Tools to accomplish this task are not only rare but often proprietary, expensive, and not always efficient. Moreover, many of the existing tools fail to discover security vulnerabilities inside applications integrating cryptographic functionalities, since it is difficult for the inspecting software to surmount the barriers of cryptographic keys, primitives and algorithms. It is particularly tedious to cope with cryptographic protocols that may be implemented inside the inspected application. In this paper, we introduce a new tool—SinCRY—designed to inspect Java applications that implement cryptographic protocols and modules. First, we present this tool. Then, we carry out a full inspection of a legacy-like test application using this tool along with SinJAR, another static tool for inspecting Java applications through their Jar files.
IOS Press, Inc.