Where are all these 3rd party SDKs sending my users' data? 😨

Ostorlab’s new features are laser-focused on helping teams understand, track and search their attack surface, what attackers are seeing and targetting, and basically what can get an organization hacked.

Achieving that is a matter of continuously collecting the right data and providing the tooling to understand it, navigate it, and search through it.

Attack surface enhancements

We've made a long list of changes to improve the experience of detecting and navigating your attack surface.

Here are just some of the cool new features:

alt text

  • Narrow down on any asset using the filter button and access its direct asset connections or even its 2nd and 3rd connections. This feature helps us understand how the attack surface discovery detects new assets. A great example is a user with his work email registering multiple new domains that weren't tracked anywhere before. You know yourself, John from Marketing 🙂.
  • Addition of powerful new search features like searching by multiple ownership types or excluding assets matching a search pattern.
  • Convenient quick action buttons to trigger a scan or add a monitoring rule. If you are curious about that asset's vulnerabilities, just hit "Quick Scan".
  • Bulk asset import makes it a breeze to add many assets by simply uploading a CSV file.
  • Access asset data directly from the attack surface graph with information such as DNS Records, open services, used libraries, Whois data, in-use certificates, and much more.

A deeper look at your Mobile Applications Attack Surface.

alt text

Attack surface is not just about domain names and IP addresses, especially if you are a mobile-first company.

Ostorlab's attack surface now detects and tracks mobile applications' attack surface, be it what the app is exposing, what dangerous features it is using, what libraries are used, and most importantly, tracking their changes and when they are changed. It will even list all backend systems and indicate their geographical location.

Mobile Scan Summary

alt text

Our latest work includes a new scan insights feature with a summary of scan reports and actionable feedback on improving your app's security. Augmented with attack surface data, the report provides valuable insight into the impact of the identified issues.

Faster Scans

If you have been using the platform for a while, you might have noticed that scans run faster, much faster. This has required substantial engineering effort to increase speed without sacrificing quality. This is only the first step toward achieving a full scan completion in under an hour which we aim to accomplish before the end of this year.

Top 10 innovators in vulnerability testing

Ostorlab has been named one of the top 10 innovative security scanners of 2023 by GRC Viewpoint. We are grateful for that recognition that comforts our dedication to building a powerful, easy-to-use, and comprehensive platform. This is only the beginning of so many crazy ideas we are working on that we really hope will truly shape the future of vulnerability scanning.

We are proud to announce the largest release packed with features touching Open-Source, Mobile Scanning, Web Scanning, a brand new exceptional attack surface capability, improvement to Jira integrations, analysis environment search, remediation engine and plans management for large teams.