You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am working on a React Native Expo app. During penetration testing, the tester was able to tamper with my app, rebundle it, and run it without any issues. I need to prevent this.
Did you get any report from the penetration tester? It would be awesome if you could share with us how the tester was able to bypass freeRASP - i.e. which tools were used, which part of freeRASP was bypassed, etc.
You can also reach out to us at support@talsec.app - just please reference this issue.
Hello @tompsota thanks for the reply,
I don't know which tool was used by the testing team. But appIntegrity threat is detected successfully on android but not on ios.
which part of freeRASP was bypassed, - appIntegrity
We are aware that there are certain ways how to bypass freeRASP - and we are sure that experienced pentester will be able to bypass freeRASP.
If you are looking for a more advanced solution, take a look at BusinessRASP, which includes advanced protection of your app - including better resilience against bypassing - read more about the differences to freeRASP here and more about commercial offer here.
As long as you don't provide us any data about how (at least conceptually) your pentesting team was able to bypass freeRASP, I'm afraid we won't be able to determine how to prevent it right now. There may be multiple ways how to bypass appIntegrity; the attack may occur on multiple layers, e.g. in native iOS, JS, RN bridge...
I am working on a React Native Expo app. During penetration testing, the tester was able to tamper with my app, rebundle it, and run it without any issues. I need to prevent this.
Dependencies
"expo": "^49.0.0",
"react-native": "0.72.10",
"freerasp-react-native": "^3.7.2",
The text was updated successfully, but these errors were encountered: