Security

How a second-order client-side data exfiltration chain was discovered in a modern SPA, transforming a simple open redirect into a multi-stage data theft vulnerability through JavaScript analysis and exploit chain validation.

Security

Technical deep dive into Ostorlab AI Pentest Engine inner working, from threat intelligence, risk identification, mobile support to vulnerability validation.

Security

Ostorlab’s reasoning-driven AI engine breaks past rule-based limits to surface previously unknown and hard-to-detect vulnerabilities—including WebView Safe Browsing bypasses, SQLi via projections, WebCrypto key exfiltration, and JWT verification ordering flaws—delivering deeper, smarter, complementary security coverage.

Product

This release introduces newly developed insecure mobile apps, improves the Monkey Tester for reliable prompt-based input during dynamic scans, and enhances the web crawler to explore deeper routes with faster performance. These improvements boost scanning coverage, accuracy, and reliability

Security

The first open-source benchmark suite featuring 93 realistic vulnerable mobile apps that mirror actual CVE and bug bounty findings - not theoretical textbook examples.

Security

Large-scale security analysis of 500+ top mobile banking apps reveals widespread vulnerabilities, decade-old codebases, and concerning backend centralization patterns.

Security

Precision beats payload spray using Ostorlab's AI engine to systematically land RCE on Titiler and proves exfiltration without a single stack trace.

Security

This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android application for Intent Redirection vulnerabilities. Follow the engine's journey from static analysis and initial findings to rigorous dynamic validation, demonstrating its ability to not only identify potential threats but also to meticulously discard false positives.