App Hardening Suite is a set of tools for mobile app developers that helps solve and mitigate specific security issues.
Application Layer End-2-End Encryption (e.g. to protect sensitive payload from MiTM or Evil-Admin) [COMING SOON]
App data Encryption (e.g. to protect user’s data or app assets at rest on the device) [COMING SOON]
Certificate pinning forces the client app to validate the server’s certificate against a known characteristic or fingerprint (certificate, public key, hashed public key, etc.). An application without certificate pinning is prone to man-in-the-middle or DNS spoofing attacks.
Why should you choose Dynamic TLS Pinning over the static certificate pinning?
Implementations of certificate pinning usually rely on certificates hard-coded in the application. With this approach, whenever a hard-coded certificate is about to expire or is revoked, the application has to be rebuilt and every user has to update it. In applications that pin multiple certificates, this may happen too often.
Talsec Dynamic TLS Pinning implements dynamic certificate pinning. It solves the problem by transferring trust from hard-coded certificates to hard-coded "master" keys. This way, we can separate the lifecycles of certificates and trusted keys. Talsec uses a trust list, a collection of server certificates signed by the key trusted by all clients. After successful signature verification, certificates can be used for certificate pinning.
Trust list data is hard-coded and/or transferred over the network to the client in a specified format. The same data can be represented in multiple formats. We also provide a tool for public key obfuscation.
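The trust-transfer idea described above, as an added example that is not Talsec's code or trust list format: the client hard-codes only a master public key, accepts a trust list only if its signature verifies, and then pins the server certificate against that list. The Ed25519 signature, the JSON layout, the SHA-256 certificate fingerprints and all names here are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// TrustList is an assumed format: hex SHA-256 digests of pinned server certificates.
type TrustList struct{ Pins []string }

// LoadTrustList parses the list only if its signature verifies under the hard-coded master key.
func LoadTrustList(master ed25519.PublicKey, payload, sig []byte) (*TrustList, error) {
	if !ed25519.Verify(master, payload, sig) {
		return nil, errors.New("trust list signature invalid")
	}
	tl := new(TrustList)
	return tl, json.Unmarshal(payload, tl)
}

// IsPinned reports whether the certificate the server presented is in the list.
func (tl *TrustList) IsPinned(certDER []byte) bool {
	sum := sha256.Sum256(certDER)
	for _, p := range tl.Pins {
		if p == hex.EncodeToString(sum[:]) {
			return true
		}
	}
	return false
}

// Demo uses a constructed key pair, certificate stand-in and trust list.
func Demo() (pinned, rogueRefused, tamperRefused bool) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	cert := []byte("constructed stand-in for certificate DER bytes")
	sum := sha256.Sum256(cert)
	payload, _ := json.Marshal(TrustList{Pins: []string{hex.EncodeToString(sum[:])}})
	tl, err := LoadTrustList(pub, payload, ed25519.Sign(priv, payload))
	pinned = err == nil && tl.IsPinned(cert)
	rogueRefused = err == nil && !tl.IsPinned([]byte("rogue certificate"))
	_, err = LoadTrustList(pub, append([]byte(" "), payload...), ed25519.Sign(priv, payload))
	return pinned, rogueRefused, err != nil
}

func main() { fmt.Println(Demo()) }
```

Rotating a server certificate then means publishing a newly signed list; the app binary changes only if the master key itself changes.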
Talsec's Secret Vault offers a robust solution to the prevalent issue of secret leakage in applications. By dynamically provisioning secrets and eliminating the need to hardcode them within your code, Secret Vault adds a layer of security that protects your sensitive data from prying eyes. This innovative approach safeguards your API keys, encryption keys, tokens, and other confidential information from both manual reverse engineering and automated secret extraction tools.
The Secret Vault's user-friendly integration allows you to seamlessly replace secret strings in your code with a secure and dynamic alternative. With Secret Vault, you can rest assured that your application's secrets remain confidential, even in the face of sophisticated threats. By dynamically updating the MagicFile, you can keep your secrets up-to-date and protected without compromising the functionality or efficiency of your application. Secret Vault is an essential tool for any developer seeking to enhance their application's security and safeguard their sensitive data.