# Overview Talsec offers a Subscription model for the Application Safety SDK Suite. It includes comprehensive mobile solution security elements that are unexampled on the market. Our Mobile Application safety suite includes RASP SDK (Runtime App Self Protection), Security Hardening SDK, API protection SDK and Audit/Monitoring web portal application intended for the visualization of threat insights, SIEM integration, data analytics, monitoring and incidents investigations. {% hint style="info" icon="newspaper" %} #### Talsec News #### Apps Security Threats Report 2025 A data-driven look at the global state of
mobile app security. {% endhint %} {% hint style="info" %} Premium Users: View [premium documentation here](https://docs.talsec.app/premium-integration-documentations/). {% endhint %}

Talsec Application Safety SDK Suite

* **RASP+ SDK**. Provides in-App protection and shielding. Talsec SDK combats reverse engineering, device/OS integrity compromise (like rooting, running in an emulator, using a debugger or dynamic hooking), and Malware attacks such as Accessibility services misuse, screen readers, and Overlay attacks. RASP SDK subscription includes SDK integration with the Audit portal based on the Elastic Cloud managed service controlled by the Customer. * **AppiCrypt®**. It aims to combat API abuse, provides online Risk scoring, Fraud prevention, and implements RASP hardening by checking RASP suppression at the backend. It is efficient against manual and automatic API abuse like botnets, JSON injections, session hijacking, and more. The feature enables the implementation of the TLS session binding to the device and UserID binding to * **App Security Hardening SDK** * Dynamic TLS pinning SDK. Protect against a man-in-the-middle attack. * Secrets Vault for App Secrets protection inside SDK (e.g. encryption keys, API keys, hostnames, end-points) with remote management possibilities. * Usable for App Data encryption and decryption (e.g. to protect App assets or user’s data at rest on the device) * Usable for Application Layer end-to-end encryption (e.g. to protect sensitive payload from MiTM or malicious admin on backend) * **Malware Detection SDK** - active protection against known malware, ongoing malware campaigns, counterfeit app clones, and other potentially risky apps is essential for the overall security posture. * **Maintenance updates and support SLA** are included in the subscription.
## Talsec's Multi-Layered App and API Protection Model * **L0 - Detect Attacks**: Check app security state with [**freeRASP**](https://app.gitbook.com/s/Q2PxZTOjhquOxcxftTrm/freerasp/introduction) & [**Talsec Portal**](https://app.gitbook.com/s/Q2PxZTOjhquOxcxftTrm/freerasp/data-visualisation-portal) insights * **L1 - Protect App**: Pass pentests, combat reverse engineering, and comply with regulations with [**RASP+**](https://docs.talsec.app/premium-products/product/rasp) and [**AppHardening (Secret Vault, Dynamic TLS Pinning)**](https://docs.talsec.app/premium-products/product/app-hardening-suite) * **L2 - Protect Transactions**: Combat API abuse, bots, web-scraping and MiTM with [**AppiCrypt**](https://docs.talsec.app/premium-products/product/appicrypt) * **L3 - Protect Users: Combat social engineering, phishing, malware with** [**Device Risk Scoring**](https://docs.talsec.app/premium-products/product-previews/ai-device-risk-summary-new) **and** [**Malware Detection**](https://docs.talsec.app/premium-products/product/malware-detection) {% embed url="" %} ## The threats that Talsec helps to mitigate include but are not limited to: * Reverse Engineering attempts * App repackaging and cloning * Session (or JWT) hijacking * API-abuse, DDoS and botnets * API attacks by App impersonation * Man-in-the-middle attacks * API brute forcing and Password enumeration attacks * Re-publishing of cloned apps to alt-stores * Running the App in compromised OS environments (e.g., rooted/jailbroken OS, hooking frameworks like Frida and others) * Running App in emulators, simulators, and in debugging mode * Unauthorized access to App’s data * Dynamic attack or App hooking at runtime (using tools like Frida, Xposed, ...) * Overlay and Cloak & Dagger attack prevention * Misuse of Accessibility Services * App instance relocation (device unbinding) * SIM swapping ## Premium Products Discover Talsec premium products: RASP+, AppiCrypt, MalwareDetection, and AppHardening (Dynamic TLS Pinning, Secret Vault).
Cover image
RASP+ SDK. Provides in-App protection and shielding.Rasp+.pngrasp
AppiCrypt® aims to combat API abuse.AppiCrypt.pngappicrypt
Active protection against known malware, counterfeit app clones and other potentially risky apps.MalwareDetection.pngmalware-detection
AppHardening includes Dynamic TLS Pinning and Secret Vault.AppHardering.pngapp-hardening-suite
AppiCryptWeb aims to combat API abuse from WebImage 07.11.2025 at 12.15.jpghttps://docs.talsec.app/premium-products/product/appicryptweb
## Product Previews🆕 Get an exclusive peek at what’s next—future products, early previews, and insights from our roadmap. Connect with our experts to learn more.
AI Device Risk Summary 🤖AppHardering.pngai-device-risk-summary-new
### OWASP Mobile top 10 risks mapping OWASP community published the top 10 mobile App risks. All of them represent a risk of certain fraudulent behaviour or attack. In the table below we map which of these issues Talsec RASP SDK and AppiCrypt® SDK help to address.

Mobile OWASP

Top10 2024

RASP+AppiCryptApp HardeningMalware Detection
M1: Improper Credential UsageMitigatesMitigatesMitigates
M2: Inadequate Supply Chain SecurityMitigates


M3: Insecure Authentication / AuthorizationMitigatesMitigates

M4: Insufficient Input/Output Validation
Mitigates

M5: Insecure Communication

Mitigates
M6: Inadequate Privacy ControlsMitigatesMitigatesMitigatesMitigates
M7: Insufficient Binary ProtectionMitigatesMitigates

M8: Security MisconfigurationMitigatesMitigatesMitigates
M9: Insecure Data
Storage

Helps
M10: Insufficient Cryptography

Helps

## Additional Trending Attack Vectors Talsec also covers the following attack types that are not directly part of OWASP Top10 but still actual and exploitable as Telsec team believes. | **Fraudsters Attack vectors** | **Talsec RASP+** | **AppiCrypt®** | **AppHardening** | **Malware Detection** | | ------------------------------------------------------------- | ---------------- | -------------- | ---------------- | --------------------- | |

Session hijacking


| Mitigates | Mitigates |


|


| |

Man in the middle


|


|


| Mitigates | Mitigates | |

SIM swapping


|


| Mitigates |


|


| | **API-abuse** |


| Mitigates |


|


| | **JSON injections** |


| Mitigates |


|


| | **Fraudulent Apps (malware)** | Mitigates | Mitigates |


| Mitigates | | **Untrusted install sources** | Mitigates | Mitigates |


|


| ## **Platform availability information**

Android (smartphone, tablet, Android TV)iOS (iPhone, iPad)FLUTTERCORDOVA / REACT NATIVE / CAPACITOR
MOBILE APP ATTACK DETECTION



Root/jailbreak detection




Debug mode detection




Emulator/Simulator detection




Tamper and repackaging detection (signature, package name, bundleID, etc.)

Hook detection




Device binding




Overlay detection

N/AAndroidAndroid
Accessibility Services misuse protection

N/AAndroidAndroid
Unofficial installation source detection




Obfuscation issues detection

N/AAndroidAndroid
DEVICE & OS SECURITY CHECK



Keystore/Keychain




Device lock




Mobile Services

N/AAndroidAndroid
Last security patch

N/AAndroidAndroid
System VPN




Developer mode

N/AAndroidAndroid
AppiCrypt® - App Integrity Cryptogram




HARDENING SDK - tools to increase app security



Dynamic certificate pinning




Secret vault




> ### [TALSEC PLANS COMPARISON TABLE ](https://www.talsec.app/plans-comparison)