Introducing Ostorlab App Vetting for the Agentic Era
Ostorlab has launched App Vetting, a mobile application risk assessment solution that helps teams evaluate Android and iOS apps before approval. It combines static analysis, dynamic testing, and secure sandbox execution with continuous monitoring, weighted risk scoring, and agentic workflows to identify vulnerabilities, privacy risks, malware indicators, telemetry behavior, and trust issues while helping teams prioritize what matters most.
Tue 16 June 2026
Building an AI PR Reviewer Engineers Actually Trust
We built an AI-powered pull request reviewer, shut it down after hallucinations and false positiv...
Mon 08 June 2026
DORA Compliance Checklist for Banking & Fintech: Audit-Ready Operational Resilience Validation
A DORA compliance checklist helps banking and fintech organizations evaluate operational resilien...
Wed 29 April 2026
Mobile Banking Security Testing: Protecting Financial Apps, Data, and Transactions
Protecting mobile banking apps requires more than securing the client alone. This guide explores ...
Thu 16 April 2026
Announcing Ostorlab for Harness: Mobile Security Scanning in CI Pipelines
Ostorlab now integrates with Harness CI to run automated mobile application security scans inside CI pipelines. Using Harness Secrets and a simple Run step, teams can install the Ostorlab CLI and run ostorlab ci-scan run against the same build artifacts produced by the pipeline (e.g., Android APK, Android AAB, or iOS IPA). The integration helps bring security into CI by improving feedback speed and catching vulnerabilities earlier, with options to tailor scans via profiles (fast, full) and optional inputs like test credentials, SBOM, and UI prompts.
How to Automate Security Testing Behind Login Walls (2FA & MFA)
Modern applications are more secure than ever, but that security introduces a major challenge. With the widespread adoption of Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA), automated security testing often stops at the login stage and never reaches the parts of the application where real user activity and risk exist.