Overview

Talsec offers a subscription model for the Application Safety SDK Suite. It includes comprehensive mobile security elements that are unparalleled on the market. Our Mobile Application safety suite includes the RASP SDK (Runtime App Self Protection), Security Hardening SDK, API protection SDK, and an Audit/Monitoring web portal application intended for the visualization of threat insights, SIEM integration, data analytics, monitoring, and incident investigation.

  • RASP+ SDK. Provides in-App protection and shielding. Talsec SDK combats reverse engineering, device/OS integrity compromise (like rooting, running in an emulator, using a debugger or dynamic hooking), and Malware attacks such as Accessibility services misuse, screen readers, and Overlay attacks. RASP SDK subscription includes SDK integration with the Audit portal based on the Elastic Cloud managed service controlled by the Customer.

  • AppiCrypt®. It aims to combat API abuse, provides online Risk scoring, Fraud prevention, and implements RASP hardening by checking RASP suppression at the backend. It is efficient against manual and automatic API abuse like botnets, JSON injections, session hijacking, and more. The feature enables the implementation of the TLS session binding to the device and UserID binding to

  • App Security Hardening SDK

    • Dynamic TLS pinning SDK. Protects against man-in-the-middle attacks.

    • Secrets Vault for App Secrets protection inside SDK (e.g. encryption keys, API keys, hostnames, end-points) with remote management possibilities.

    • Usable for App Data encryption and decryption (e.g. to protect App assets or user’s data at rest on the device)

    • Usable for Application Layer end-to-end encryption (e.g. to protect sensitive payload from MiTM or malicious admin on backend)

  • Malware Detection SDK - active protection against known malware, ongoing malware campaigns, counterfeit app clones, and other potentially risky apps is essential for the overall security posture.

  • 1x Automated App Vulnerability Scanning report (Internal Pentesting Scanning Tool) by request for one platform. Includes security journey roadmap recommendations.

  • 1x individual practical 2h webinar by request, “How to hack and how to protect mobile Apps”, for the customer’s employees.

  • Maintenance updates and support SLA are included in the subscription.

The threats that Talsec helps to mitigate include but are not limited to:

  • Reverse Engineering attempts

  • App repackaging and cloning

  • Session (or JWT) hijacking

  • API-abuse, DDoS and botnets

  • API attacks by App impersonation

  • Man-in-the-middle attacks

  • API brute forcing and Password enumeration attacks

  • Re-publishing of cloned apps to alt-stores

  • Running the App in compromised OS environments (e.g., rooted/jailbroken OS, hooking frameworks like Frida and others)

  • Running App in emulators, simulators, and in debugging mode

  • Unauthorized access to App’s data

  • Dynamic attack or App hooking at runtime (using tools like Frida, Xposed, ...)

  • Overlay and Cloak & Dagger attack prevention

  • Misuse of Accessibility Services

  • App instance relocation (device unbinding)

  • SIM swapping

Premium Products

Discover Talsec premium products: RASP+, AppiCrypt, MalwareDetection, and AppHardening (Dynamic TLS Pinning, Secret Vault).

Additional Trending Attack Vectors

Talsec also covers the following attack types, which are not directly part of the OWASP Top 10 but which the Talsec team believes are still relevant and exploitable.

Products compared: Talsec RASP+, AppiCrypt®, AppHardening SDK, Malware Detection

Fraudsters Attack vectors

  • Session hijacking: Mitigates, Mitigates
  • Man in the middle: Mitigates, Mitigates
  • SIM swapping: Mitigates
  • API-abuse: Mitigates
  • JSON injections: Mitigates
  • Fraudulent Apps (malware): Mitigates, Mitigates, Mitigates
  • Untrusted install sources: Mitigates, Mitigates

Platform availability information

Platforms: Android (smartphone, tablet, Android TV); iOS (iPhone, iPad); FLUTTER; CORDOVA / REACT NATIVE / CAPACITOR

MOBILE APP ATTACK DETECTION

  • Root/jailbreak detection
  • Debug mode detection
  • Emulator/Simulator detection
  • Tamper detection (APK signature, official store, pkg name): N/A, Android, Android
  • Repackaging validation (bundleID, teamID): N/A, iOS, iOS
  • Hook detection
  • Device binding
  • Overlay detection: N/A, Android, Android
  • Accessibility Services misuse protection: N/A, Android, Android
  • Unofficial installation source detection
  • Obfuscation issues detection: N/A, Android, Android

DEVICE & OS SECURITY CHECK

  • Keystore/Keychain
  • Device lock
  • Mobile Services: N/A, Android, Android
  • Last security patch: N/A, Android, Android
  • System VPN
  • Developer mode: N/A, Android, Android

AppiCrypt® - App Integrity Cryptogram

HARDENING SDK - tools to increase app security

  • Dynamic certificate pinning
  • Secret vault

Talsec Application Safety SDK Suite
RASP+ SDK. Provides in-App protection and shielding.

AppiCrypt® aims to combat API abuse.

Active protection against known malware, counterfeit app clones and other potentially risky apps.

AppHardening includes Dynamic TLS Pinning and Secret Vault.