Open Mr-harsh10 opened 3 weeks ago
tompsota
commented
3 weeks ago Hello @Mr-harsh10,
Did you get any report from the penetration tester? It would be awesome if you could share with us how the tester was able to bypass freeRASP - i.e. which tools were used, which part of freeRASP was bypassed, etc.
You can also reach out to us at support@talsec.app - just please reference this issue.
Regards, Tomas from Talsec
Mr-harsh10
commented
3 weeks ago Hello @tompsota thanks for the reply, I don't know which tool was used by the testing team. But appIntegrity threat is detected successfully on android but not on ios.
which part of freeRASP was bypassed, - appIntegrity
tompsota
commented
3 weeks ago Hello @Mr-harsh10,
We are aware that there are certain ways how to bypass freeRASP - and we are sure that experienced pentester will be able to bypass freeRASP.
If you are looking for a more advanced solution, take a look at BusinessRASP, which includes advanced protection of your app - including better resilience against bypassing - read more about the differences to freeRASP here and more about commercial offer here.
As long as you don't provide us any data about how (at least conceptually) your pentesting team was able to bypass freeRASP, I'm afraid we won't be able to determine how to prevent it right now. There may be multiple ways how to bypass appIntegrity; the attack may occur on multiple layers, e.g. in native iOS, JS, RN bridge...
Best, Tomas from Talsec
I am working on a React Native Expo app. During penetration testing, the tester was able to tamper with my app, rebundle it, and run it without any issues. I need to prevent this.
Dependencies "expo": "^49.0.0", "react-native": "0.72.10", "freerasp-react-native": "^3.7.2",