talsec / Free-RASP-Flutter

Flutter library for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
194 stars 20 forks source link

feat: proactive detections #124

Open yardexx opened 3 months ago

yardexx commented 3 months ago

Is your feature request related to a problem? Please describe. Talsec currently uses periodic checks which suffers from time window issue. This causes late detections if attacker carries attack/uses tooling after initial checks or between two periods.

Describe the solution you'd like Talsec should be based on proactive protections - issue is detected as soon as incident happens.

Additional context Copy from this issue.

rakesh0689 commented 3 months ago

@yardexx Regarding your comment in #121 "freeRASP performs security checks at startup and then periodically after a set interval. This creates a time window that could be exploited for an attack. If you start the app directly with frida, it will be detected. However, if you run the app and then attach frida within this time window, frida won't be detected until the next periodic check." Suppose we start freeRasp during the startup - it run the checks. after sometime if we manually start the talsec engine using Talsec.instance.start(config); again - won't the checks be performed again?? Or will the engine be started only once even if we call "Talsec.instance.start(config);" multiple times and checks will be performed at the prescribed interval only??

yardexx commented 2 months ago

Calling Talsec.instance.start(...) will not trigger the checks to run again.

The philosophy of the Talsec SDK is to start it at the beginning of the app's lifecycle and have it run continuously until the app is closed. You can think of Talsec as a global singleton that maintains the app's security state throughout its lifecycle.