Open martinzigrai opened 10 hours ago
Hi all,
We would like to contribute to the RASP weakness section.
Since related weaknesses, such as root/jailbreak detection and integrity, are addressed in separate units, this test is designed to focus on verifying core RASP operations. It aims to assess how well the RASP fulfills its responsibilities (e.g., reactions, threat telemetry data collection, bypass-resiliency, etc.).
A key component highly required for this test is a (written) security policy enforced by the app developer. This policy should outline all expected reactions, security processes, and features that the RASP solution should provide. Given the wide variation in use cases and RASP setups, the test is structured to be adaptable to different RASP implementations.
While designed to be RASP-product agnostic, for the demo, we mocked freeRASP integration, a well-established solution deployed on over 500 million devices, to show common components and demonstrate how to test simple flows. It's important to note that different RASP products come with unique setups, so evaluation routines will vary significantly.
Best Regards,
Tomáš Soukal
This PR closes #2773