Alaeddine Mesbahi
Enhancing PostMessage XSS Detection with Proxy Object Instrumentation
The article introduces a new method for detecting PostMessage Cross-Site Scripting (XSS) vulnerabilities using JavaScript Proxy objects, which enhances traditional dynamic fuzzing techniques.
Thu 04 April 2024
2023 in review
As 2023 has concluded, it's time to reflect and prepare for an optimistic 2024.
Wed 10 January 2024
New OWASP Mobile Top 10
Release of new OWASP Mobile Top 10 with improvements, updates and a behind the scenes.
Mon 27 November 2023
Where are all these 3rd party SDKs sending my users' data? 😨
Ostorlab’s new features are laser-focused on helping teams understand, track and search their attack surface, what attackers are seeing and targeting, and basically what can get an organization hacked.
Thu 02 February 2023
2022 at Ostorlab
2022 is a year that brings with it many global challenges, including war, economic uncertainty, and rising inflation in many parts of the world. Despite these challenges, we at Ostorlab are grateful to have had an incredibly successful year.
Text4Shell (CVE-2022-42889) in Mobile Applications ... should I worry?
CVE-2022-42889 is a vulnerability in the Apache Commons Text Library caused by string interpolation abusing powerful handlers and present in popular application like Amazon Shopping, Udemy and Grammarly. This article goes over the applicability and risk of this vulnerability for Mobile Applications.
Latest posts
Improved Attack Surface Discovery, Mobile and Web Security Scanning
Largest release with improvements to Attack Surface, Open-Source, Mobile and Web scanning and much much more.
Thu 18 August 2022
Ostorlab vs. NowSecure vs. MobSF vs. Immuniweb vs. AppKnox vs. Quixxi vs. Oversecured
This article provides a comprehensive view of the security mobile security scanning solutions, while at the same time highlighting what truly differentiates them.
Mon 21 March 2022
Ostorlab is Open-Source 🎊
This is a major release open-sourcing Ostorlab and announcing tons of new features and capabilities.
Mon 21 February 2022
New Features, improved ticket management, integrations including Jira support
Vulnerability management is a hard journey, the help enable fixing of vulnerabilities urgently, diligently and efficiently, we are excited to release our new remediation capabilities with a wealth of new features.
Thu 04 November 2021
Release of a new remediation capabilities to enable fast, diligent and efficient fixes
Vulnerability management is a hard journey, the help enable fixing of vulnerabilities urgently, diligently and efficiently, we are excited to release our new remediation capabilities with a wealth of new features.
Wed 06 October 2021
Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB
This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.
Tue 18 May 2021
Finding superhuman XSS polyglot payloads with Genetic Algorithms
The following article is a technical deep dive into how genetic algorithms can be leveraged to create superhuman XSS polyglot payloads.
Mon 01 March 2021
Ostorlab adds Web Security Scanning to its arsenal
Ostorlab is adding Web Security Scanner to its arsenal with novel approaches to vulnerability discovery.
Mon 15 February 2021