Known Exploitable Vulnerabilities: Catching them all
In this article we will Discover essential tools and empirical insights for identifying critical, high-severity, and actively exploitable vulnerabilities sourced from reputable platforms like CISA KEV, Google’s Tsunami, and the innovative Ostorlab’s Asteroid Project.
Wed 10 January 2024
2023 in review
As 2023 has concluded, it's time to reflect and prepare for an optimistic 2024.
Wed 10 January 2024
New OWASP Mobile Top 10
Release of new OWASP Mobile Top 10 with improvements, updates and a behind the scenes.
Mon 27 November 2023
Introduction of a comprehensive audit logging system
Introducing a comprehensive audit logging system including user logins, data modifications, confi...
Mon 20 November 2023
Support for Bitbucket CI/CD integration, IDE Enhancements
Support for Bitbucket CI/CD integration, IDE Enhancements and more.
Ostorlab's Victory at the Swiss Cyber defence Security Challenge 2023
Ostorlab clinches the top spot in the Swiss Cyber defense Security Challenge, showcasing their commitment to advancing application security automation.
Latest posts
One Scheme to Rule Them All: OAuth Account Takeover
This article delves into the exploitation of OAuth account takeover using app impersonation through custom scheme hijacking, an overlooked vulnerability pattern affecting most OAuth providers and consequently many popular applications including apps with over 1B downloads.
Tue 17 October 2023
Security Enhancements, Compliance Mapping, and User Experience Upgrades
New release brings advanced security measures, compliance mapping, and user experience enhancements, including URL injection and OAuth account takeover detection, PCI/GDPR compliance mapping, and a 10x speedup in secret detection. Enjoy improved PDF reports, a new ticket/remediation UI, and better search capabilities.
Fri 13 October 2023
Support for SBOM scan in Circleci, AzureDevOps and GitHub pipelines & support for Multi-SBOM scanning
Support for multiple.
Tue 29 August 2023
PDF report items filtering by both risk rating and ticket status
Ostorlab has added support for filtering PDF report items by both risk rating and ticket status.
Wed 09 August 2023
August Fix-it!
During our recent Fix-It Week 🛠️😃, our dedicated team put in a tremendous effort to address and resolve over 107 issues affecting our systems.
Tue 08 August 2023
ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter
Recent in-depth investigations reveal serious vulnerabilities discovered in widely-used zip packages in Flutter and Swift, posing serious security risks for thousands of developers and applications. Our article delves into the technical aspects of these vulnerabilities, explaining their discovery, implications and mitigation strategies.
Fri 04 August 2023
Extended Dependency Detection
Ostorlab now supports uploading an SBOM or Lockfile for extended dependency detection.
Tue 18 July 2023
CircleCI and AppCenter CI/CD integrations
Addition of CircleCI and AppCenter CI/CD integrations.
Tue 11 July 2023
Changelog
View all changesMobile Benchmarking, Monkey Tester Reliability, and Deeper Web Crawling
Tue 23 September 2025