Ostorlab KEV update for 26th February 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Mon 26 February 2024
Test Credential Name
The latest update introduces the addition of a "test credential name" feature, allowing users to label test credentials for easier identification and management.
Mon 19 February 2024
Attack Surface Discovery paths
The latest update incorporates attack surface discovery paths, offering detailed insights into how assets were discovered. This addition helps understand from which asset(s) a particular asset came from.
Fri 16 February 2024
Mapping Dependency Confusion: A Novel Detection Approach using Source Map Files
The article delves into dependency confusion vulnerabilities and introduces a novel detection and exploitation technique then provides actionable steps to mitigate the risks associated with this vulnerability.
Tue 13 February 2024
IAM, XSS and over 1000 new dynamic rules.
Recent updates have significantly enhanced dynamic analysis with new programming language support and vulnerable pattern detection, refined IAM management with new roles, improved granularity in attack surface access, advanced XSS detection, and vulnerable dependency identification, alongside crucial bug fixes across the system.
Support for Basic Authentication, HTTP folders and other improvements
Ostorlab has added support for Basic Authentication, HTTP folders and various enhancements to the attack surface and stack traces sections.
Latest posts
Known Exploitable Vulnerabilities: Catching them all
In this article we will Discover essential tools and empirical insights for identifying critical, high-severity, and actively exploitable vulnerabilities sourced from reputable platforms like CISA KEV, Google’s Tsunami, and the innovative Ostorlab’s Asteroid Project.
Wed 10 January 2024
2023 in review
As 2023 has concluded, it's time to reflect and prepare for an optimistic 2024.
Wed 10 January 2024
New OWASP Mobile Top 10
Release of new OWASP Mobile Top 10 with improvements, updates and a behind the scenes.
Mon 27 November 2023
Introduction of a comprehensive audit logging system
Introducing a comprehensive audit logging system including user logins, data modifications, configuration changes, and more.
Mon 20 November 2023
Support for Bitbucket CI/CD integration, IDE Enhancements
Support for Bitbucket CI/CD integration, IDE Enhancements and more.
Tue 14 November 2023
Ostorlab's Victory at the Swiss Cyber defence Security Challenge 2023
Ostorlab clinches the top spot in the Swiss Cyber defense Security Challenge, showcasing their commitment to advancing application security automation.
Fri 10 November 2023
One Scheme to Rule Them All: OAuth Account Takeover
This article delves into the exploitation of OAuth account takeover using app impersonation through custom scheme hijacking, an overlooked vulnerability pattern affecting most OAuth providers and consequently many popular applications including apps with over 1B downloads.
Tue 17 October 2023
Security Enhancements, Compliance Mapping, and User Experience Upgrades
New release brings advanced security measures, compliance mapping, and user experience enhancements, including URL injection and OAuth account takeover detection, PCI/GDPR compliance mapping, and a 10x speedup in secret detection. Enjoy improved PDF reports, a new ticket/remediation UI, and better search capabilities.
Fri 13 October 2023
Changelog
View all changesAI-automated Attack surface, Privacy Analysis, Wordpress agent, and more.
Mon 20 January 2025
Advanced Search Query, API Endpoints, Tons of new detections, and more.
Mon 02 December 2024
HTTP2, Private Custom Checks, actively exploited CVE and much more.
Mon 07 October 2024