Apple Privacy: A Comprehensive Guide to Privacy Manifest Files
This article offers a guide to Privacy Manifest files in Apple's ecosystem, stressing their importance for transparency and compliance, especially with the upcoming 2024 mandate, outlining steps for implementation, and underscoring their role in promoting user trust and adherence to regulations.
Thu 18 April 2024
Objective C instrumentation, detection of insecure data storage, Regex DoS, and multiple bug fixes.
This update significantly improves objective-C instrumentation, adds new detection for insecure data storage and Regex DoS, and ships multiple bug fixes.
Mon 15 April 2024
Enhancing PostMessage XSS Detection with Proxy Object Instrumentation
The article introduces a new method for detecting PostMessage Cross-Site Scripting (XSS) vulnerabilities using JavaScript Proxy objects, which enhances traditional dynamic fuzzing techniques.
Thu 04 April 2024
Ostorlab KEV update for 02 April 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Tue 02 April 2024
Detection of Apple's Privacy Manifest, liblzma backdoor, and Attack Surface fixes.
This update introduces fixes for the Attack Surface, detection for the liblzma backdoor, and a public store for agents.
Discovering & Monitoring Mobile Applications Attack Surface with Ostorlab
The article introduces Ostorlab Attack Surface Discovery as a solution for discovering and continuously monitoring mobile applications, alleviating the manual burden on security teams. It outlines steps for adding applications to an inventory, configuring monitoring rules, and emphasizes the platform's ability to streamline mobile application security management.
Latest posts
Addition of CSS Injection Detection, ARM64 support, and migration of Agent's Docker Images.
This update introduces fixes for the Attack Surface, migration of Agent's Docker Images to Docker Hub, enhanced detection capabilities for vulnerabilities, and support for ARM64 architecture in OSS.
Mon 25 March 2024
Security Landscape of Mobile Banking Applications in North America
This article examines the security of mobile banking applications in North America, uncovering widespread vulnerabilities and the urgent need for enhanced cybersecurity measures. It highlights the fast-paced technological advancements in the sector, alongside challenges such as supply chain vulnerabilities and the adoption of potentially insecure programming practices.
Tue 19 March 2024
Exposed Scan PCAP and JIRA custom Mapping
This update introduces a series of new features related to the IDE, Jira integration, OXO, and many improvements to the platform.
Mon 18 March 2024
Enhancements to the Open Source CLI, Platform, and Detection.
This update introduces various improvements to the XSS scanner, the functionality of the open-source CLI, and monitoring rule creation.
Mon 11 March 2024
Swift Under the Microscope: Practical Dynamic Instrumentation
Article on Swift Dynamic Instrumentation. The article explains the steps to perform dynamic analysis of Swift-based application, covering name mangling, Swift ABI & extraction of function arguments in Swift.
Mon 11 March 2024
Ostorlab KEV update for 11th March 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Mon 11 March 2024
Attack Surface, Remediation, Automation Rules, and Detection improvements
This update introduce a series of updates aimed at enhancing user experience, platform improvements, and bug fixes across various features.
Mon 04 March 2024
OXO Open-Source Improving
The latest update of OXO open-source introduces substantial improvements, providing users with faster startup and execution times. Additionally, this update enhances search capabilities in the CLI for more effective querying. Users now also benefit from increased customization options, including the ability to define accepted agents and specify in_selector in the agent group definition.
Mon 26 February 2024
Changelog
View all changesAI-automated Attack surface, Privacy Analysis, Wordpress agent, and more.
Mon 20 January 2025
Advanced Search Query, API Endpoints, Tons of new detections, and more.
Mon 02 December 2024
HTTP2, Private Custom Checks, actively exploited CVE and much more.
Mon 07 October 2024