Open yardexx opened 3 months ago
@yardexx Regarding your comment in #121 "freeRASP performs security checks at startup and then periodically after a set interval. This creates a time window that could be exploited for an attack. If you start the app directly with frida, it will be detected. However, if you run the app and then attach frida within this time window, frida won't be detected until the next periodic check." Suppose we start freeRasp during the startup - it run the checks. after sometime if we manually start the talsec engine using Talsec.instance.start(config); again - won't the checks be performed again?? Or will the engine be started only once even if we call "Talsec.instance.start(config);" multiple times and checks will be performed at the prescribed interval only??
Calling Talsec.instance.start(...)
will not trigger the checks to run again.
The philosophy of the Talsec SDK is to start it at the beginning of the app's lifecycle and have it run continuously until the app is closed. You can think of Talsec as a global singleton that maintains the app's security state throughout its lifecycle.
Is your feature request related to a problem? Please describe. Talsec currently uses periodic checks which suffers from time window issue. This causes late detections if attacker carries attack/uses tooling after initial checks or between two periods.
Describe the solution you'd like Talsec should be based on proactive protections - issue is detected as soon as incident happens.
Additional context Copy from this issue.