Ostorlab Team Articles
In a mission to build the best security scanning technologies, Ostorlab team is proud to announce that the community scanner is no longer limited and will benefit immediatly from our full static detection capabilities, while we work to scale our dynamic analysis and make readily available.
Use the start of the year to contemplate how the previous year went, and prepare for the upcoming is an important exercise to put things into perspective and reevaluate some of our choices.
I will be sharing through a series of blog posts our past experimentations with the use of reinforcement learning for automated testing, to both chase bugs and find vulnerabilities.
Ostorlab is a community effort to build a mobile application vulnerability scanner to help developers build secure mobile applications. One of the new key components of the scanner detection capabilities is a new shiny static taint engine for Android Dalvik Bytecode that was heavily optimized for performance and low false positives.
We have been for the last few months hard at work developing a new scan engine to identify new classes of vulnerabilities. The new scan engine is capable of identifying SQL injections, intent hijacking, insecure random seed, insecure cryptography etc.
Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (support for Android, iOS, Windows Phone, FireOS, FirefoxOS ...) . The framework is easy and fast to develop with and offers generally a single API for all platforms.
Before we get into SQL injections and what might go wrong, we'll start by covering some technical information on Content Providers...