Wed 10 January 2024
As 2023 has concluded, it's time to reflect and prepare for an optimistic 2024.
2023 was a challenging year, marked by economic, political, and global uncertainties. On our much smaller scale, we at Ostorlab faced our own challenges: handling team growth without losing our agility, meeting increasing customer demand without compromising on support excellence, and spending significant engineering time and effort on new and very hard technical problems.
Our achievements this year at Ostorlab remain significant. We expanded our team to double its size, relocated to larger offices to support our growth, achieved SOC2 certification, won the Swiss Cyber Challenge, and secured major clients, from tech giants to the largest banks in numerous countries.
We continue to be held to higher standards, and we continue to work hard to meet them.
Our north star for 2023 was simple: detection, detection, and detection.
This manifested in various ways. We published research on diverse topics such as Flutter reverse engineering and biometric authentication bypass, reported several CVEs in the most popular zip packages, and documented OAuth account takeover through app impersonation. We were also able to identify more critical vulnerabilities, from remote code execution to account takeover.
From a product perspective, we have added several new enhancements and capabilities, to list only a few:
- Mobile Attack Surface Extension: We've expanded our mobile attack surface tracking to monitor mobile application exposure, changes, and additions.
- Backend Tracking and TLS Traffic Interception: Added new features for intercepting TLS traffic and listing the backends an application talks to.
- Secret Detection Improvement: We enhanced the detection of sensitive information, covering more secret types and finding them much faster.
- Onboarding and User Experience: Introduced a new onboarding menu and reworked several parts of the platform UI to improve the user interface and experience.
- Automation and Queries: We have implemented new automation rules to automate attack surface discovery tasks, ticket management, and inventory handling.
- Flutter Detection: Significant advancements in detecting vulnerabilities within Flutter applications, from dependency listing and accurate stack trace extraction to over 870 new vulnerability rules.
- Notification System: Upgraded notification handling and user experience.
- Weekly Reports and Auditing: Introduction of new weekly reports and action auditing features with trend reporting on vulnerabilities, remediation, and attack surface.
- AI Integration: Incorporating AI for summarizing reports and providing tailored fix recommendations.
- Authentication and Integration: Addition of social authentication using Google and GitHub, along with new integrations like AppCenter and CircleCI.
- SBOM and Lock File Scanning: Enhanced capabilities in software bill of materials and lock file analysis supporting over a dozen file formats.
- Custom Config Scanning: Supporting on-prem and custom scan configurations, scanning anything, anywhere, anytime.
- Websites Redesign: A complete overhaul of Ostorlab's blog and documentation, and a re-creation of all documentation content in video format.
- Scan Log Improvements: Enhanced scan log aggregation and analysis for immediate issue detection and bug tracking. This improves both platform detection and robustness.
- Legacy Detection: Transitioned from legacy detection agents to new, more efficient and modular agents. The new agents offer a significantly faster and smoother developer experience.
- Dynamic Analysis: Improved dynamic analysis with powerful vulnerability rule detection and stack extraction in Java, Swift, Dart, and C, and the addition of over 24 thousand new detection rules thanks to major work on rule generation.
For 2024, our focus is on adding more powerful detection capabilities to uncover more complex and critical vulnerabilities.
These milestones could not have been reached without the hard work, dedication, and relentlessness of our team. They are also the direct result of the great feedback that our users continuously share.
Thank you for a fulfilling 2023; we look forward to an even better 2024.