Alaeddine Mesbahi

Co-Founder and CEO

Alaeddine Mesbahi is the co-founder and CEO of Ostorlab, where he leads the company's vision for automated security testing and vulnerability management. Before founding Ostorlab, he held roles at Google on the security automation team and at Cisco's Trust Office. Alaeddine started his career as a penetration tester, building deep hands-on expertise in offensive security and technical research. He has presented at leading industry conferences including Black Hat US, BruCon, and OWASP AppSec, and holds several professional certifications such as OSCP, OSCE, and GREM.

Articles by Alaeddine Mesbahi

The article introduces a new method for detecting PostMessage Cross-Site Scripting (XSS) vulnerabilities using JavaScript Proxy objects, which enhances traditional dynamic fuzzing techniques.

Product

2023 in review

As 2023 has concluded, it's time to reflect and prepare for an optimistic 2024.

Wed 10 January 2024

Security

New OWASP Mobile Top 10

Release of the new OWASP Mobile Top 10 with improvements, updates and a behind-the-scenes look.

Mon 27 November 2023

Product

Ostorlab Achieves SOC2 Type 2 Certification for Commitment to Security and Data Protection

Ostorlab has successfully completed its SOC2 Type 2 audit, demonstrating its commitment to securi...

Wed 12 April 2023

Ostorlab's Fix it! practice is one of our most successful engineering practices helping us eradicate bugs and kill technical debt.

Ostorlab’s new features are laser-focused on helping teams understand, track and search their attack surface, what attackers are seeing and targeting, and basically what can get an organization hacked.

Latest posts

2022 at Ostorlab

2022 is a year that brings with it many global challenges, including war, economic uncertainty, and rising inflation in many parts of the world. Despite these challenges, we at Ostorlab are grateful to have had an incredibly successful year.

Tue 03 January 2023

Text4Shell (CVE-2022-42889) in Mobile Applications ... should I worry?

CVE-2022-42889 is a vulnerability in the Apache Commons Text library caused by string interpolation abusing powerful handlers, and it is present in popular applications like Amazon Shopping, Udemy and Grammarly. This article goes over the applicability and risk of this vulnerability for mobile applications.

Mon 24 October 2022

Improved Attack Surface Discovery, Mobile and Web Security Scanning

Largest release with improvements to Attack Surface, Open-Source, Mobile and Web scanning and much much more.

Thu 18 August 2022

Ostorlab vs. NowSecure vs. MobSF vs. Immuniweb vs. AppKnox vs. Quixxi vs. Oversecured

This article provides a comprehensive view of mobile security scanning solutions, while at the same time highlighting what truly differentiates them.

Mon 21 March 2022

Ostorlab is Open-Source 🎊

This is a major release open-sourcing Ostorlab and announcing tons of new features and capabilities.

Mon 21 February 2022

New Features, improved ticket management, integrations including Jira support

Vulnerability management is a hard journey. To help enable fixing vulnerabilities urgently, diligently and efficiently, we are excited to release our new remediation capabilities with a wealth of new features.

Thu 04 November 2021

Release of new remediation capabilities to enable fast, diligent and efficient fixes

Vulnerability management is a hard journey. To help enable fixing vulnerabilities urgently, diligently and efficiently, we are excited to release our new remediation capabilities with a wealth of new features.

Wed 06 October 2021

Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB

This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.

Tue 18 May 2021
