Security Enhancements, Compliance Mapping, and User Experience Upgrades

New release brings advanced security measures, compliance mapping, and user experience enhancements, including URL injection and OAuth account takeover detection, PCI/GDPR compliance mapping, and a 10x speedup in secret detection. Enjoy improved PDF reports, a new ticket/remediation UI, and better search capabilities.


Support for SBOM scan in Circleci, AzureDevOps and GitHub pipelines & support for Multi-SBOM scanning

Support for multiple.

Tue 29 August 2023


PDF report items filtering by both risk rating and ticket status

Ostorlab has added support for filtering PDF report items by both risk rating and ticket status.

Wed 09 August 2023


August Fix-it!

During our recent Fix-It Week ๐Ÿ› ๏ธ๐Ÿ˜ƒ, our dedicated team put in a tremendous effort to address and resolve over 107 issues affecting our systems.

Tue 08 August 2023

ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter

Recent in-depth investigations reveal serious vulnerabilities discovered in widely-used zip packages in Flutter and Swift, posing serious security risks for thousands of developers and applications. Our article delves into the technical aspects of these vulnerabilities, explaining their discovery, implications and mitigation strategies.

Extended Dependency Detection

Ostorlab now supports uploading an SBOM or Lockfile for extended dependency detection.

Latest posts

CircleCI and AppCenter CI/CD integrations

Addition of CircleCI and AppCenter CI/CD integrations.

Tue 11 July 2023

Ostorlab's Insecure Flutter Apps: A Playground for Learning and Testing Mobile Security

Ostorlab has open-sourced two Flutter applications, designed to be intentionally insecure for testing and educational purposes. The apps, one native to iOS and the other a Java/C++/Flutter app, highlight a variety of common mobile app vulnerabilities. Available under the Apache-2.0 license, they serve as practical resources for understanding Flutter security.

Mon 10 July 2023

zCamera, 100M+ installation app, from remote compromise to data leaks

This article is a technical deep dive, showing how a 100M+ installation image application can expose its userโ€™s images and suffer from remotely exploitable vulnerabilities ranging from SQL injection and intent redirect to arbitrary file download.

Tue 04 July 2023

New Features & Fixes in July 2023

We're excited to bring you a host of enhancements and features: open-source Flutter vulnerability detection, extended social auth support for Google and Github, AI-enhanced summaries, a sleek notification UI, and advanced search filters. We've improved geofencing support for India and UK, added new Flutter-specific detection rules, and fixed bugs in various areas. With a freshly redesigned blog and smoother navigation testing for Webview on Android and iOS, we're making your experience even better.

Sat 01 July 2023

AI-powered recommendations and fixes, Improved Flutter Detection, and much more

The new release brings a new AI Engine for improved recommendations, powerful new additions to Flutter detection and much more.

Mon 26 June 2023

Secure Mobile Biometric Authentication: Best Practices and Implementation Guidelines for Kotlin, Swift, and Flutter

In this Article, we define a secure implementation of mobile biometric authentication and provide detailed implementations in the 3 main modern mobile languages, namely Kotlin for Android, Swift for iOS, and Dart for Flutter multiplatform applications.

Tue 20 June 2023

Flutter Reverse Engineering and Security Analysis

Article on Static and Dynamic analysis techniques for Reverse engineering Flutter Applications. The article goes over runtime patching, custom ABI interception and traffic interception.

Thu 15 June 2023

Enhanced Security Features, New Automation Rules, and Flexible Yearly Plans for Improved User Experience

Latest release includes several enhancements such as faster navigation, weekly reporting, an export to CSV feature, new vulnerability detections, improved 2-FA authentication, dynamic routing extraction from popular web frameworks, new automation rules for workflow streamlining, and more flexible yearly plans allowing users to utilize testing slots as needed without loss during inactivity.

Mon 01 May 2023