Ostorlab: Mobile App Security Testing for Android and iOS

Articles by

Abderrahim Haddadi

AI Pentest Engine Discovers Critical WebSocket BFLA in GraphQL Subscriptions

Ostorlab's AI Pentest Engine systematically uncovered a critical Broken Function-Level Authorization (BFLA) vulnerability in a GraphQL WebSocket endpoint, allowing unauthenticated access to a real-time translation service. This case study details the AI's step-by-step process, from discovery to proof-of-concept.

Abderrahim Haddadi


            Fri 26 December 2025

Product

Ostorlab Security Scanner GitHub Integration

The Ostorlab Security Scanner GitHub Integration enhances mobile app development workflows by emb...

Abderrahim HADDADI


                  Wed 21 May 2025

Security

Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers acc...

Nour Eddine Masdoufi, Abderrahim Haddadi


                  Thu 12 September 2024

Engineering

Swift Under the Microscope: Practical Dynamic Instrumentation

Article on Swift Dynamic Instrumentation. The article explains the steps to perform dynamic analy...

Abderrahim Haddadi


                  Mon 11 March 2024

Abderrahim Haddadi

AI Pentest Engine Discovers Critical WebSocket BFLA in GraphQL Subscriptions

Ostorlab Security Scanner GitHub Integration

Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction

Swift Under the Microscope: Practical Dynamic Instrumentation

Subscribe to the Ostorlab Newsletter