This update adds the discovery of hidden web paths, detection of libwebp vulnerability, and new CVE detections.


Better UI, more concise scan report, improved detection of insecure webview usage, and multiple bug fixes.

This update improves the user interface of the platform, adds new detection for Webview-related vulnerabilities, and ships multiple bug fixes.

Tue 23 April 2024


Objetive C instrumentation, detection of insecure data storage, Regex DoS, and multiple bug fixes.

This update significantly improves objective-C instrumentation, adds new detection for insecure data storage and Regex DoS, and ships multiple bug fixes.

Mon 15 April 2024


Detection of Apple's Privacy Manifest, liblzma backdoor, and Attack Surface fixes.

This update introduces fixes for the Attack Surface, detection for the liblzma backdoor, and a public store for agents.

Mon 01 April 2024

The article introduces Ostorlab Attack Surface Discovery as a solution for discovering and continuously monitoring mobile applications, alleviating the manual burden on security teams. It outlines steps for adding applications to an inventory, configuring monitoring rules, and emphasizes the platform's ability to streamline mobile application security management.

This update introduces fixes for the Attack Surface, migration of Agent's Docker Images to Docker Hub, enhanced detection capabilities for vulnerabilities, and support for ARM64 architecture in OSS.

Latest posts

Exposed Scan PCAP and JIRA custom Mapping

This update introduces a series of new features related to the IDE, Jira integration, OXO, and many improvements to the platform.

Mon 18 March 2024

Enhancements to the Open Source CLI, Platform, and Detection.

This update introduces various improvements to the XSS scanner, the functionality of the open-source CLI, and monitoring rule creation.

Mon 11 March 2024

Attack Surface, Remediation, Automation Rules, and Detection improvements

This update introduce a series of updates aimed at enhancing user experience, platform improvements, and bug fixes across various features.

Mon 04 March 2024

OXO Open-Source Improving

The latest update of OXO open-source introduces substantial improvements, providing users with faster startup and execution times. Additionally, this update enhances search capabilities in the CLI for more effective querying. Users now also benefit from increased customization options, including the ability to define accepted agents and specify in_selector in the agent group definition.

Mon 26 February 2024

Test Credential Name

The latest update introduces the addition of a "test credential name" feature, allowing users to label test credentials for easier identification and management.

Mon 19 February 2024

Attack Surface Discovery paths

The latest update incorporates attack surface discovery paths, offering detailed insights into how assets were discovered. This addition helps understand from which asset(s) a particular asset came from.

Fri 16 February 2024

IAM, XSS and over 1000 new dynamic rules.

Recent updates have significantly enhanced dynamic analysis with new programming language support and vulnerable pattern detection, refined IAM management with new roles, improved granularity in attack surface access, advanced XSS detection, and vulnerable dependency identification, alongside crucial bug fixes across the system.

Mon 12 February 2024

Support for Basic Authentication, HTTP folders and other improvements

Ostorlab has added support for Basic Authentication, HTTP folders and various enhancements to the attack surface and stack traces sections.

Tue 16 January 2024

1 of 8