Two efficient features to continuously monitor mobile applications


Whether we are developing a mobile application or assessing its security, we need to continuously review it with every new release. Repetitively building the app, uploading the file, and creating a scan quickly becomes an annoyance. Ostorlab is excited to announce the introduction of two new features to ease the burden of testing your app.

Continuous Application Monitoring

Continuous application monitoring can easily discover applications on the store by searching for an application name, package name or bundle ID.

Continuous monitoring rules are configured by selecting the target application and setting test credentials or UI automation rules. If you are not familiar with Ostorlab's support for authenticated tests and UI automation, check our guide for more information.

Once a monitoring rule is created, Ostorlab continuously checks the store for new versions and automatically triggers a new scan. Applications with silent updates, using frameworks like React Native, are also covered as they get scanned at least once a week.

In the future, scans will also be triggered by the introduction of a new detection capability or the detection of a new CVE affecting an application dependency.

Continuous monitoring provides insight into how an application is evolving and how often vulnerabilities are introduced and fixed. It also eases the task of tracking an application's attack surface, for bounty hunting for instance.

Jenkins CI/CD integration

In addition to the Store application monitoring, Ostorlab has also released a new open-source Jenkins plugin to integrate security scanning with your deployment pipeline. Integrating security into your CI/CD is a simple step to adopt security as early as possible in the development process and have a bottom-up approach to security that doesn't require a security expert to intervene and ensure issues are detected and fixed.

The steps to use the plugin are straightforward:

  • Generate an API key, one click away in the UI
  • Install the plugin from the Jenkins repo
  • Configure the plugin with the new API key
  • Add the plugin to your pipeline

For more detailed steps, check the plugin documentation here.

To take advantage of all these features, ALL FREE, create an account here.