Articles by

Ostorlab Team

This article presents a thorough, hands-on analysis and proof of concept for exploiting an OOB XXE vulnerability CVE-2021-29620 in Report Portal. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

Product

From Random to Intelligent: How AI-Powered Monkey Testing Achieves 10x Mobile App Coverage

Ostorlab’s AI Monkey Tester transforms mobile app security testing by using natural language prom...

Fri 01 August 2025

Security

Automating Security Research: AI Engine Exploits Zulip Stored XSS (CVE-2025-52559)

This article presents a thorough, hands-on analysis and proof of concept for exploiting the store...

Mon 28 July 2025

Product

SSL Scanner Overhaul and Improved UI Call Coverage Powered by User-Defined Prompts

This release introduces major enhancements to our AI-powered UI exploration engine, delivering sm...

Tue 22 July 2025

Ostorlab's May 2025 update delivers comprehensive privacy analysis capabilities with 21 new data collection categories and enhanced verification tools. This release introduces specialized Attack Surface scan profiles for optimized security assessments, adds GitHub source code integration for precise vulnerability mapping, and implements QPS rate limiting for controlled scanning. Additional improvements include mobile scan URL regex controls, streamlined Jira integration, and expanded fingerprinting capabilities for improved detection accuracy.

This research introduces a pioneering dual approach that combines signature-based matching (DalvikFLIRT) with LLM-powered code transformation to bypass sophisticated Android app obfuscation, enabling automated security analysis of previously impenetrable code.

Latest posts

CNIL Standard Integration, SARIF Support, Copilot Enhancements, and Smarter Vulnerability Analysis.

This release introduces CNIL standard support, SARIF export, and improved vulnerability insights with locations and advanced search. Copilot is more powerful, performance is faster, and asset and remediation workflows are smoother.

Mon 07 April 2025

Ostorlab's Security Scanner GitHub App,Ticket Aggregation V2, Copilot Launch, and Enhanced Security Features

February's update introduces Ticket Aggregation V2 and Ostorlab Copilot, alongside improvements to reporting capabilities and detection mechanisms. These updates enhance vulnerability management, user experience, and security analysis across the platform.

Thu 20 February 2025

Effective Vulnerability Ticketing System with Ostorlab

This article announces Ostorlab's vulnerability ticketing system V2 and how it automates and streamlines the entire process of managing, and remediating security vulnerabilities through features like automated ticket creation, lifecycle management, policy enforcement, and integration with existing tools.

Tue 18 February 2025

AI-Automated Attack Surface Management: The Future of Cybersecurity Discovery

This article explores AI-automated attack surface management, its impact on cybersecurity, and how it automates asset discovery and vulnerability detection.

Fri 14 February 2025

AI-automated Attack surface, Privacy Analysis, Wordpress agent, and more.

Ostorlab's January 2025 update introduces AI-powered attack surface discovery and improves IDE performance. The release expands detection capabilities with new secret and privacy checks, adds a WordPress security agent, and implements additional threat fingerprints and CVE support. A new Privacy profile for compliance analysis is launched, along with enhancements to scan options and vulnerability reporting. These updates aim to improve asset analysis, security assessments, and risk mitigation across various digital environments.

Mon 20 January 2025

Advanced Search Query, API Endpoints, Tons of new detections, and more.

The December release introduces advanced inventory search with Python-like syntax, enhanced asset status filtering, API endpoint autodiscovery, and comprehensive scan summaries. Additionally, it adds GraphQL vulnerability detection, domain takeover prevention, new CVE detections, privacy compliance checks, and Jira integration improvements for streamlined issue management.

Mon 02 December 2024

Revamped Search, new detection capabilities, actively exploited CVEs and much more.

The latest releases introduces a revamped search UI, new detection capabilities, attack surface & inventory performance improvements, plus much more.

Tue 22 October 2024

HTTP2, Private Custom Checks, actively exploited CVE and much more.

The latest releases introduce HTTP/2 support, improve UI and detection, enhance privacy and security measures, and update custom checks and analysis environments for better performance.

Mon 07 October 2024


Previous
1 of 10