This update introduces various improvements to the XSS scanner, the functionality of the open-source CLI, and monitoring rule creation.

Engineering

Swift Under the Microscope: Practical Dynamic Instrumentation

Article on Swift Dynamic Instrumentation. The article explains the steps to perform dynamic analysis of Swift-based application, covering name mangling, Swift ABI & extraction of function arguments in Swift.

Mon 11 March 2024

Security

Ostorlab KEV update for 11th March 2024

New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog

Mon 11 March 2024

Product

Attack Surface, Remediation, Automation Rules, and Detection improvements

This update introduce a series of updates aimed at enhancing user experience, platform improvements, and bug fixes across various features.

Mon 04 March 2024

The latest update of OXO open-source introduces substantial improvements, providing users with faster startup and execution times. Additionally, this update enhances search capabilities in the CLI for more effective querying. Users now also benefit from increased customization options, including the ability to define accepted agents and specify in_selector in the agent group definition.

New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog

Latest posts

Test Credential Name

The latest update introduces the addition of a "test credential name" feature, allowing users to label test credentials for easier identification and management.

Mon 19 February 2024

Attack Surface Discovery paths

The latest update incorporates attack surface discovery paths, offering detailed insights into how assets were discovered. This addition helps understand from which asset(s) a particular asset came from.

Fri 16 February 2024

Mapping Dependency Confusion: A Novel Detection Approach using Source Map Files

The article delves into dependency confusion vulnerabilities and introduces a novel detection and exploitation technique then provides actionable steps to mitigate the risks associated with this vulnerabillity.

Tue 13 February 2024

IAM, XSS and over 1000 new dynamic rules.

Recent updates have significantly enhanced dynamic analysis with new programming language support and vulnerable pattern detection, refined IAM management with new roles, improved granularity in attack surface access, advanced XSS detection, and vulnerable dependency identification, alongside crucial bug fixes across the system.

Mon 12 February 2024

Support for Basic Authentication, HTTP folders and other improvements

Ostorlab has added support for Basic Authentication, HTTP folders and various enhancements to the attack surface and stack traces sections.

Tue 16 January 2024

Known Exploitable Vulnerabilities: Catching them all

In this article we will Discover essential tools and empirical insights for identifying critical, high-severity, and actively exploitable vulnerabilities sourced from reputable platforms like CISA KEV, Google’s Tsunami, and the innovative Ostorlab’s Asteroid Project.

Wed 10 January 2024

2023 in review

As 2023 has concluded, it's time to reflect and prepare for an optimistic 2024.

Wed 10 January 2024

New OWASP Mobile Top 10

Release of new OWASP Mobile Top 10 with improvements, updates and a behind the scenes.

Mon 27 November 2023