Ostorlab detects Dependency Confusion

Dependency Confusion is a new attack with high severity impact. This article is an overview of the vulnerability as well as other supply chain attacks.


Finding superhuman XSS polyglot payloads with Genetic Algorithms

The following article is a technical deep dive into how genetic algorithms can be leveraged to create superhuman XSS polyglot payloads.

Mon 01 March 2021


News and Updates of Week 8

This weeks is marked by multiple high profile data breaches affecting Cashalo, Npower, Kia, T-Mobile and Clubhouse.

Sun 28 February 2021


Finding and Validating Hardcoded Keys and Secrets

Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.

Fri 30 October 2020

Autonomous Security: Pushing Security Automation to the Next Level

The article introduces the term Autonomous Security in the context of security scanning and defines 5 tiers of maturity.

Latest posts

COVID-19 Contact Tracing App Wiqaytna Mobile Application Security Review

Mobile security testing of Covid-19 Contact Tracing Application Wiqaytna

Mon 15 June 2020

[Online Event] Security of 3rd party dependencies in Mobile Applications

Mobile applications assessments, automation of 3rd party dependency review

Fri 12 June 2020

Ostorlab Insecure Application

This article describes the usage of Ostorlab Insecure Application.

Mon 14 October 2019

Application Security Testing on non-Jailbroken iOS from Linux

How to perform security checks of an iOS application file on a non-jailbroken iPhone from a Linux Machine.

Tue 08 October 2019

Security, what opportunities and challenges for 2019?

Use the start of the year to contemplate how the previous year went, and prepare for the upcoming is an important exercise to put things into perspective and reevaluate some of our choices.

Mon 07 January 2019

DOM XSS Fuzzing strategies - Part 1

XSS are still by far the most common tyope of vulnerabilities, this article presents strategies to automate the search for XSSes.

Sat 22 December 2018

Hardcoded AWS keys in Mobile Applications

This article is about how to manage AWS access keys when using AWS services in your mobile application.

Thu 20 December 2018

Reinforcement Learning & Automated Testing - part 1

I will be sharing through a series of blog posts our past experimentations with the use of reinforcement learning for automated testing, to both chase bugs and find vulnerabilities.

Mon 22 January 2018