search

talsec / Free-RASP-ReactNative

React Native plugin for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
91 stars 12 forks source link

App Integrity threat not detected in iOS device || Expo React Native #68

Closed Mr-harsh10 closed 4 months ago

Mr-harsh10 commented 5 months ago

I am working on a React Native Expo app. During penetration testing, the tester was able to tamper with my app, rebundle it, and run it without any issues. I need to prevent this.

Dependencies "expo": "^49.0.0", "react-native": "0.72.10", "freerasp-react-native": "^3.7.2",

tompsota commented 5 months ago

Hello @Mr-harsh10,

Did you get any report from the penetration tester? It would be awesome if you could share with us how the tester was able to bypass freeRASP - i.e. which tools were used, which part of freeRASP was bypassed, etc.

You can also reach out to us at support@talsec.app - just please reference this issue.

Regards, Tomas from Talsec

Mr-harsh10 commented 5 months ago

Hello @tompsota thanks for the reply, I don't know which tool was used by the testing team. But appIntegrity threat is detected successfully on android but not on ios.

which part of freeRASP was bypassed, - appIntegrity

tompsota commented 5 months ago

Hello @Mr-harsh10,

We are aware that there are certain ways how to bypass freeRASP - and we are sure that experienced pentester will be able to bypass freeRASP.

If you are looking for a more advanced solution, take a look at BusinessRASP, which includes advanced protection of your app - including better resilience against bypassing - read more about the differences to freeRASP here and more about commercial offer here.

As long as you don't provide us any data about how (at least conceptually) your pentesting team was able to bypass freeRASP, I'm afraid we won't be able to determine how to prevent it right now. There may be multiple ways how to bypass appIntegrity; the attack may occur on multiple layers, e.g. in native iOS, JS, RN bridge...

Best, Tomas from Talsec

github-actions[bot] commented 4 months ago

Hello! This issue has been marked as inactive. If there is no further activity within the next 14 days, this issue will be automatically closed. If you believe this issue is still relevant and requires attention, please comment or provide additional information.

github-actions[bot] commented 4 months ago

Hello! This issue has been closed. If you believe this issue is still relevant and requires attention, please reopen the issue.