Bilal Harras

Digital Marketer

Bilal is a digital marketer at Ostorlab, specializing in cybersecurity content, digital strategy, and brand growth. He works on making complex security topics more accessible through clear, credible, and engaging content for both technical and business audiences. By combining strategic communication with valuable content, Bilal contributes to Ostorlab's growth and helps strengthen its brand presence in the cybersecurity space. He believes that valuable content is essential to building a strong and trusted brand.

Articles by Bilal Harras

Walk the floor of any major cybersecurity conference today and you will hear about the promise of autonomous AI-powered platforms. But AI-only testing doesn't scale. A resilient AppSec program requires a cost-aware, tiered stack combining rapid traditional scanners, private semantic reviews, and selective orchestration of frontier models.

Security

The Definitive Guide to Mobile App Vetting: Securing the Enterprise App Ecosystem

This comprehensive guide covers the architecture, risk methodologies, and deployment frameworks r...

Fri 19 June 2026

Security

Android Intent Redirection: Attack Vectors and Mitigations

A deep dive into Android intent redirection vulnerabilities, showing how exported “proxy” compone...

Thu 23 April 2026

Product

Introducing HarmonyOS App Scans + Huawei AppGallery Scans

Find a vulnerability scanner for HarmonyOS apps and Huawei AppGallery releases: Ostorlab adds aut...

Mon 20 April 2026

A technical guide to mobile application security testing best practices for high-tech teams shipping iOS and Android apps at scale, covering MAST vs SAST vs DAST, mobile attack-surface testing, evidence-rich findings, CI/CD integration, severity-based release gating, compliance considerations, and how to evaluate a mobile AppSec solution.

A deep dive into DORA-focused third‑party risk for mobile AppSec, showing why embedded SDKs and runtime providers demand release‑scoped governance because vulnerabilities persist across multiple app versions in the wild and provider outages directly break critical journeys. It outlines an audit‑ready approach built on per‑release SDK inventories and diffs, approval/ban rules, patch SLAs with time‑boxed exceptions, and evidence packs that stay version‑scoped, indexed, and quickly retrievable.

Latest posts

Announcing Ostorlab for Bitrise: Mobile security scans in your CI

Ostorlab now integrates with Bitrise to run automated mobile application security scans inside CI workflows. Using a Bitrise Secret plus a simple Script step, teams can install the Ostorlab CLI and run ostorlab ci-scan run against the same build artifacts produced by the pipeline (e.g., Android APK, Android AAB, or iOS IPA). The integration helps shift security left by shortening feedback loops and catching vulnerabilities earlier, with options to tailor scans via profiles (fast, full, agentic deep scan) and optional inputs like test credentials, SBOM, and UI prompts.

Fri 27 March 2026

Mobile Operational Resilience Under DORA: The simplest drill library for BFSI journeys

A mobile-first guide to DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.

Tue 24 March 2026

DORA Compliance for Mobile Releases: The easiest baseline, verdict, and exceptions model

A mobile-first guide to DORA regulation and DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.

Tue 10 March 2026

DORA Compliance for Mobile Teams: Understanding scope and what you need to do

A mobile-first guide to DORA regulation and DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.

Tue 03 March 2026

Top Mobile App Security Testing (MAST) Platforms 2026 | Vendor Evaluations

Evaluate the best MAST tools for 2026. Compare Quokka, Zimperium, Data Theorem, NowSecure, and Ostorlab for CI/CD integration, AI threat detection, and SDK support.

Mon 05 January 2026

Understanding Android's FLAG_SECURE for Screen Security

What Android’s FLAG_SECURE does, how it prevents screenshots and screen recordings of sensitive app content, how to implement it correctly, where it makes sense to use it, and the key limitations and UX trade-offs developers need to understand, including its behavior with casting and external displays.

Mon 29 December 2025