Overview

Talsec offers a Subscription model for the Application Safety SDK Suite. It includes comprehensive mobile solution security elements that are unexampled on the market. Our Mobile Application safety suite includes RASP SDK (Runtime App Self Protection), Security Hardening SDK, API protection SDK and Audit/Monitoring web portal application intended for the visualization of threat insights, SIEM integration, data analytics, monitoring and incidents investigations.

• RASP+ SDK. Provides in-App protection and shielding. Talsec SDK combats reverse engineering, device/OS integrity compromise (like rooting, running in an emulator, using a debugger or dynamic hooking), and Malware attacks such as Accessibility services misuse, screen readers, and Overlay attacks. RASP SDK subscription includes SDK integration with the Audit portal based on the Elastic Cloud managed service controlled by the Customer.

• AppiCrypt®. It aims to combat API abuse, provides online Risk scoring, Fraud prevention, and implements RASP hardening by checking RASP suppression at the backend. It is efficient against manual and automatic API abuse like botnets, JSON injections, session hijacking, and more. The feature enables the implementation of the TLS session binding to the device and UserID binding to

• App Security Hardening SDK

  • Dynamic TLS pinning SDK. Protect against a man-in-the-middle attack.

  • Secrets Vault for App Secrets protection inside SDK (e.g. encryption keys, API keys, hostnames, end-points) with remote management possibilities.

  • Usable for App Data encryption and decryption (e.g. to protect App assets or user’s data at rest on the device)

  • Usable for Application Layer end-to-end encryption (e.g. to protect sensitive payload from MiTM or malicious admin on backend)

• Malware Detection SDK - active protection against known malware, ongoing malware campaigns, counterfeit app clones, and other potentially risky apps is essential for the overall security posture.

• 1x Automated App Vulnerability Scanning report (Internal Pentesting Scanning Tool) by request for one platform. Includes security journey roadmap recommendations.

• 1 x Individual practical 2h webinar by request, “How to hack and how to protect mobile Apps” for customer’s employees

• Maintenance updates and support SLA are included in the subscription.

The threats that Talsec helps to mitigate include but are not limited to:

• Reverse Engineering attempts

• App repackaging and cloning

• Session (or JWT) hijacking

• API-abuse, DDoS and botnets

• API attacks by App impersonation

• Man-in-the-middle attacks

• API brute forcing and Password enumeration attacks

• Re-publishing of cloned apps to alt-stores

• Running the App in compromised OS environments (e.g., rooted/jailbroken OS, hooking frameworks like Frida and others)

• Running App in emulators, simulators, and in debugging mode

• Unauthorized access to App’s data

• Dynamic attack or App hooking at runtime (using tools like Frida, Xposed, ...)

• Overlay and Cloak & Dagger attack prevention

• Misuse of Accessibility Services

• App instance relocation (device unbinding)

• SIM swapping

Premium Products

Discover Talsec premium products: RASP+, AppiCrypt, MalwareDetection, and AppHardening (Dynamic TLS Pinning, Secret Vault).

Additional Trending Attack Vectors

Talsec also covers the following attack types that are not directly part of OWASP Top10 but still actual and exploitable as Telsec team believes.

Platform availability information