Category

Engineering

Agentic harnesses change what an LLM can do in mobile app security testing. On its own, a model can name likely risks such as insecure storage, exposed secrets, risky permissions, vulnerable SDKs, backend issues, and privacy exposure, but the app may remain untouched. With the right tools, context, memory, prompts, execution loops, and runtime feedback around it, the model can inspect the app package, observe behavior, follow traffic, connect signals, and leave behind evidence a security team can review. From permission analysis to JEF-powered native exploitation, the difference is visible in the trace: app evidence, tool output, runtime proof, and reproducible steps instead of report-shaped text.

Engineering

Building an AI PR Reviewer Engineers Actually Trust

We built an AI-powered pull request reviewer, shut it down after hallucinations and false positiv...

Mon 08 June 2026

Engineering

Threat Center v2: Staying Ahead of Vulnerabilities

The Threat Center provides essential updates for organizations to stay informed about security th...

Thu 10 October 2024

Engineering

OXO Titan UI: Simplifying Security Scanning for Everyone

OXO Titan UI encapsulates OXO's capabilities within an accessible interface, democratizing advanc...

Mon 26 August 2024

OXO version 1.0 is 10x faster, supports ARM64 architectures, and is packed with improved capabilities such as scanning multiple assets and a simpler, more powerful CLI.

This article offers a guide to Privacy Manifest files in Apple's ecosystem, stressing their importance for transparency and compliance, especially with the upcoming 2024 mandate, outlining steps for implementation, and underscoring their role in promoting user trust and adherence to regulations.

Latest posts

Enhancing PostMessage XSS Detection with Proxy Object Instrumentation

The article introduces a new method for detecting PostMessage Cross-Site Scripting (XSS) vulnerabilities using JavaScript Proxy objects, which enhances traditional dynamic fuzzing techniques.

Thu 04 April 2024

Swift Under the Microscope: Practical Dynamic Instrumentation

Article on Swift dynamic instrumentation. The article explains the steps to perform dynamic analysis of Swift-based applications, covering name mangling, the Swift ABI, and extraction of function arguments in Swift.

Mon 11 March 2024

Strategies for writing super fast Python

In this article, we look at different ways to improve the performance of Python, which is an interpreted language.

Tue 18 April 2023

Fix it! at Ostorlab

Ostorlab's Fix it! practice is one of our most successful engineering practices, helping us eradicate bugs and kill technical debt.

Sun 19 February 2023

Tips and tricks for developing & debugging OXO Agents.

Tips and tricks to make your life easier when developing & debugging OXO Agents.

Thu 18 August 2022

Life of a Scan: how OXO's open-source vulnerability scanner works

This article talks about how OXO works under the hood.

Tue 02 August 2022

What I've learned from my first job as a Software Engineer at Ostorlab

This article talks about the experience of Rabson Phiri who works as a Software Engineer at Ostorlab.

Tue 19 April 2022

Detection Engine @ Ostorlab

Overview of the detection capabilities provided by Ostorlab

Fri 01 May 2020
