Security

How a second-order client-side data exfiltration chain was discovered in a modern SPA, transforming a simple open redirect into a multi-stage data theft vulnerability through JavaScript analysis and exploit chain validation.

Security

Technical deep dive into Ostorlab AI Pentest Engine inner working, from threat intelligence, risk identification, mobile support to vulnerability validation.

Security

Ostorlab’s reasoning-driven AI engine breaks past rule-based limits to surface previously unknown and hard-to-detect vulnerabilities—including WebView Safe Browsing bypasses, SQLi via projections, WebCrypto key exfiltration, and JWT verification ordering flaws—delivering deeper, smarter, complementary security coverage.

Security

The first open-source benchmark suite featuring 93 realistic vulnerable mobile apps that mirror actual CVE and bug bounty findings - not theoretical textbook examples.

Security

Large-scale security analysis of 500+ top mobile banking apps reveals widespread vulnerabilities, decade-old codebases, and concerning backend centralization patterns.

Security

Precision beats payload spray using Ostorlab's AI engine to systematically land RCE on Titiler and proves exfiltration without a single stack trace.

Security

This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android application for Intent Redirection vulnerabilities. Follow the engine's journey from static analysis and initial findings to rigorous dynamic validation, demonstrating its ability to not only identify potential threats but also to meticulously discard false positives.

Security

This article presents a thorough, hands-on analysis and real-world exploitation of a hardcoded GCP service account with overprivileged Pub/Sub access discovered in a HackerOne mobile app. It details how Ostorlab’s AI-powered pentesting engine automated the full cycle—from authentication and permission enumeration to end-to-end message injection/interception—enabling remediation within four days.