3

I noticed that for Flutter there isn't a plugin or similar that manages security vulnerabilities of apps.

The code can be obfuscated with the `--obfuscate` option in the build phase.

For the other aspects there are some libraries, like flutter_security and flutter_jailbreak_detection, that are not very well documented or are limited to only some aspects of the security field.

Then there is freeRASP, which seems to be more complete, but the free version might not be a good idea for a product project.

How do you secure your application to check jailbreak/root, anti-tampering and so on?

NB: I know that it is impossible to protect an app against 100% of the attacks and so on, but I need to add some controls in order to pass vulnerability team tests :/

Serus

1 Answer

3

I have had a similar problem. I've ended up using semgrep as SAST and freeRASP for the rest of it.

Dharman
  • So there aren't a lot of alternatives... Could you please explain to me how to generate the hash code for the signing certificate to use with freeRASP? – Serus May 02 '22 at 06:33
  • Yes, true... nothing out there :D For certs, I used cert by fastlane that does most of the heavy lifting there. For semgrep, I am writing custom rules myself since there is almost nothing out there for Flutter, but OWASP Top 10 could be pretty language agnostic, so I just create a custom ruleset there. – Aleksandr Krasnov May 03 '22 at 16:28
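
The signing-certificate hash asked about in the comments above, as an added example that is not part of the original posts or of the freeRASP project. It assumes the Android configuration expects the Base64 encoding of the certificate's SHA-256 digest (check this against the current freeRASP documentation); the function names and the sample `keytool -list -v` output are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample of `keytool -list -v` output (not a real certificate).
# The fingerprints are the digests of empty input, so the result is easy to
# verify independently.
SAMPLE_KEYTOOL_OUTPUT = """\
Alias name: upload
Certificate fingerprints:
\t SHA1: DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
\t SHA256: E3:B0:C4:42:98:FC:1C:14:9A:FB:F4:C8:99:6F:B9:24:27:AE:41:E4:64:9B:93:4C:A4:95:99:1B:78:52:B8:55
"""

# Exactly 32 colon-separated hex bytes after the "SHA256:" label.
_FP_RE = re.compile(
    r"SHA-?256:\s*((?:[0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2})(?![:0-9A-Fa-f])"
)


def keytool_sha256(output: str) -> bytes:
    """Extract the raw 32-byte SHA-256 fingerprint from keytool output."""
    match = _FP_RE.search(output)
    if match is None:
        raise ValueError("no 32-byte SHA256 fingerprint found in keytool output")
    return bytes.fromhex(match.group(1).replace(":", ""))


def hash_from_keytool(output: str) -> str:
    """Base64 form of the fingerprint that keytool prints as hex."""
    return base64.b64encode(keytool_sha256(output)).decode("ascii")


def hash_from_der(der_bytes: bytes) -> str:
    """Same value computed directly from a DER-encoded certificate."""
    digest = hashlib.sha256(der_bytes).digest()
    return base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    print(hash_from_keytool(SAMPLE_KEYTOOL_OUTPUT))
```

If the app is re-signed by the store (for example with Play App Signing), the hash has to come from the certificate that signs the installed build, not only from the local upload key.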