Ostorlab: Mobile App Security Testing for Android and iOS

We have been for the last few months hard at work developing a new scan engine to identify new classes of vulnerabilities. The new scan engine is capable of identifying SQL injections, intent hijacking, insecure random seed, insecure cryptography etc.

Ostorlab Team


                  Sun 23 April 2017

Security

Testing Cordova Applications

Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (support for Android, iOS, Windows Phone, FireOS, FirefoxOS ...) . The framework is easy and fast to develop with and offers generally a single API for all platforms.

Ostorlab Team


                  Thu 24 November 2016

Latest posts

Security

Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?

Before we get into SQL injections and what might go wrong, we'll start by covering some technical information on Content Providers...

Ostorlab Team


                    Thu 03 November 2016

Security

Vulnerabilities tested by Google Play Store

Google will start identifying security weaknesses in Apps pushed to the Play Store...

Ostorlab Team


                    Mon 05 September 2016

Security

New in Android M and N: Runtime Permissions

In Android, the permission system was one of the major security concerns of the platform for many reasons...

Ostorlab Team


                    Fri 27 May 2016

Security

SSL Pinning on Android: Best Practices, OkHttp & Retrofit Examples (2026)

Learn how SSL pinning works on Android, what threats it helps mitigate, where it can break, and how to implement it safely with OkHttp, Retrofit, and Android Network Security Configuration. Includes rotation guidance, testing checklist, and legacy library examples.

Ostorlab Team


                    Wed 11 May 2016

Security

Reversing JNI, or how Facebook is crashing their own application

Apparently Facebook is crashing their apps intentionally in order to test users reaction and evaluate their adherence to Facebook service. This post is however not about the user's behavioral analysis, but about the technical aspects of how it is done - or just an excuse to dive into JNI reversing.

Ostorlab Team


                    Thu 07 January 2016

Security

What every pentesters should learn in 2016

The last years have come with meaningful changes in the way IT professionals operate and the way we approach security...

Ostorlab Team


                    Sat 02 January 2016

Security

Best SSL/TLS resources (Attacks, Tools, Talks)

This article will reference the best current resources on SSL/TLS.

Ostorlab Team


                    Tue 25 August 2015

7 of 7

Security

Hardcoded AWS keys in Mobile Applications

Reinforcement Learning & Automated Testing - part 1

Critical attack surface of mobile applications

Finding security bugs in Android applications the hard way

New Taint Engine ... more vulnerabilities found

Testing Cordova Applications

Latest posts

Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?

Vulnerabilities tested by Google Play Store

New in Android M and N: Runtime Permissions

SSL Pinning on Android: Best Practices, OkHttp & Retrofit Examples (2026)

Reversing JNI, or how Facebook is crashing their own application

What every pentesters should learn in 2016

Best SSL/TLS resources (Attacks, Tools, Talks)

Subscribe to the Ostorlab Newsletter