This update introduces multiple new integrations with CI/CD pipelines, improvements to dynamic traces interception & analysis, support for the MASVS v2.0.0 standard, and many bug fixes.

Product

Discovery of hidden web paths, detection of libwebp vulnerability, and new CVE detections.

This update adds the discovery of hidden web paths, detection of libwebp vulnerability, and new CVE detections.

Mon 06 May 2024

Engineering

🚀 OXO v1.0!

OXO version 1.0, is 10x times faster, supports ARM64 architectures, and is packed with improved capabilities like scanning multiple assets, simpler and powerful CLI.

Mon 29 April 2024

Product

Better UI, more concise scan report, improved detection of insecure webview usage, and multiple bug fixes.

This update improves the user interface of the platform, adds new detection for Webview-related vulnerabilities, and ships multiple bug fixes.

Tue 23 April 2024

This article offers a guide to Privacy Manifest files in Apple's ecosystem, stressing their importance for transparency and compliance, especially with the upcoming 2024 mandate, outlining steps for implementation, and underscoring their role in promoting user trust and adherence to regulations.

This update significantly improves objective-C instrumentation, adds new detection for insecure data storage and Regex DoS, and ships multiple bug fixes.

Latest posts

Enhancing PostMessage XSS Detection with Proxy Object Instrumentation

The article introduces a new method for detecting PostMessage Cross-Site Scripting (XSS) vulnerabilities using JavaScript Proxy objects, which enhances traditional dynamic fuzzing techniques.

Thu 04 April 2024

Ostorlab KEV update for 02 April 2024

New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog

Tue 02 April 2024

Detection of Apple's Privacy Manifest, liblzma backdoor, and Attack Surface fixes.

This update introduces fixes for the Attack Surface, detection for the liblzma backdoor, and a public store for agents.

Mon 01 April 2024

Discovering & Monitoring Mobile Applications Attack Surface with Ostorlab

The article introduces Ostorlab Attack Surface Discovery as a solution for discovering and continuously monitoring mobile applications, alleviating the manual burden on security teams. It outlines steps for adding applications to an inventory, configuring monitoring rules, and emphasizes the platform's ability to streamline mobile application security management.

Tue 26 March 2024

Addition of CSS Injection Detection, ARM64 support, and migration of Agent's Docker Images.

This update introduces fixes for the Attack Surface, migration of Agent's Docker Images to Docker Hub, enhanced detection capabilities for vulnerabilities, and support for ARM64 architecture in OSS.

Mon 25 March 2024

Security Landscape of Mobile Banking Applications in North America

This article examines the security of mobile banking applications in North America, uncovering widespread vulnerabilities and the urgent need for enhanced cybersecurity measures. It highlights the fast-paced technological advancements in the sector, alongside challenges such as supply chain vulnerabilities and the adoption of potentially insecure programming practices.

Tue 19 March 2024

Exposed Scan PCAP and JIRA custom Mapping

This update introduces a series of new features related to the IDE, Jira integration, OXO, and many improvements to the platform.

Mon 18 March 2024

Enhancements to the Open Source CLI, Platform, and Detection.

This update introduces various improvements to the XSS scanner, the functionality of the open-source CLI, and monitoring rule creation.

Mon 11 March 2024