November 2017
We are pleased to announce a set of new improvements
Wed 01 November 2017
September 2017
We are pleased to announce a set of new improvements
Fri 01 September 2017
August 2017
We are pleased to announce a set of new improvements
Tue 01 August 2017
July 2017
We are pleased to announce a set of new improvements
Sat 01 July 2017
Finding security bugs in Android applications the hard way
Ostorlab is a community effort to build a mobile application vulnerability scanner to help developers build secure mobile applications. One of the new key components of the scanner detection capabilities is a new shiny static taint engine for Android Dalvik Bytecode that was heavily optimized for performance and low false positives.
Latest posts
New Taint Engine ... more vulnerabilities found
We have been for the last few months hard at work developing a new scan engine to identify new classes of vulnerabilities. The new scan engine is capable of identifying SQL injections, intent hijacking, insecure random seed, insecure cryptography etc.
Sun 23 April 2017
Testing Cordova Applications
Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (support for Android, iOS, Windows Phone, FireOS, FirefoxOS ...) . The framework is easy and fast to develop with and offers generally a single API for all platforms.
Thu 24 November 2016
Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?
Before we get into SQL injections and what might go wrong, we'll start by covering some technical information on Content Providers...
Thu 03 November 2016
Android external libs!
For an Android developer, it has become standard practice to use external libraries to easily extend the functionalities of the mobile application . Thanks to Gradle easy dependency integration, features like HTTP frameworks, database ORM, fancy scrolling, efficient image loading, caching, social network integration and many others can be added easily.
Tue 01 November 2016
Vulnerabilities tested by Google Play Store
Google will start identifying security weaknesses in Apps pushed to the Play Store...
Mon 05 September 2016
Python Concurrency and Parallelism: building a custom ProcessPoolExecutor
At Ostorlab we scan hundreds of Mobile Applications each day, each scan is very resource intensive but at the same time, since the beginning, we had to optimize the code for speed and maximize use of cloud resources.
Mon 18 July 2016
New in Android M and N: Runtime Permissions
In Android, the permission system was one of the major security concerns of the platform for many reasons...
Fri 27 May 2016
Android SSL certificate pinning to prevent Man-in-the-middle attack
Implementing SSL certificate pinning in mobile apps to secure the communication between the user's device and the backend
Wed 11 May 2016
Changelog
View all changesAI-automated Attack surface, Privacy Analysis, Wordpress agent, and more.
Mon 20 January 2025
Advanced Search Query, API Endpoints, Tons of new detections, and more.
Mon 02 December 2024