Alaeddine Mesbahi Articles
Where are all these 3rd party SDKs sending my users' data? 😨
Ostorlab’s new features are laser-focused on helping teams understand, track and search their attack surface, what attackers are seeing and targetting, and basically what can get an organization hacked.

2022 at Ostorlab
2022 is a year that brings with it many global challenges, including war, economic uncertainty, and rising inflation in many parts of the world. Despite these challenges, we at Ostorlab are grateful to have had an incredibly successful year.

Text4Shell (CVE-2022-42889) in Mobile Applications ... should I worry?
CVE-2022-42889 is a vulnerability in the Apache Commons Text Library caused by string interpolation abusing powerful handlers and present in popular application like Amazon Shopping, Udemy and Grammarly. This article goes over the applicability and risk of this vulnerability for Mobile Applications.

Improved Attack Surface Discovery, Mobile and Web Security Scanning
Largest release with improvements to Attack Surface, Open-Source, Mobile and Web scanning and much much more.

Ostorlab vs. NowSecure vs. MobSF vs. Immuniweb vs. AppKnox vs. Quixxi vs. Oversecured
This article provides a comprehensive view of the security mobile security scanning solutions, while at the same time highlighting what truly differentiates them.

Ostorlab is Open-Source 🎊
This is a major release open-sourcing Ostorlab and announcing tons of new features and capabilities.

New Features, improved ticket management, integrations including Jira support
Vulnerability management is a hard journey, the help enable fixing of vulnerabilities urgently, diligently and efficiently, we are excited to release our new remediation capabilities with a wealth of new features.

Release of a new remediation capabilities to enable fast, diligent and efficient fixes
Vulnerability management is a hard journey, the help enable fixing of vulnerabilities urgently, diligently and efficiently, we are excited to release our new remediation capabilities with a wealth of new features.

Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB
This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.

Finding superhuman XSS polyglot payloads with Genetic Algorithms
The following article is a technical deep dive into how genetic algorithms can be leveraged to create superhuman XSS polyglot payloads.

- 1 of 2
- Next