Ostorlab: Mobile App Security Testing for Android and iOS

Tag

android

Finding security bugs in Android applications the hard way

Ostorlab is a community effort to build a mobile application vulnerability scanner to help developers build secure mobile applications. One of the new key components of the scanner detection capabilities is a new shiny static taint engine for Android Dalvik Bytecode that was heavily optimized for performance and low false positives.

Ostorlab Team


            Fri 16 June 2017

Security

New Taint Engine ... more vulnerabilities found

We have been for the last few months hard at work developing a new scan engine to identify new cl...

Ostorlab Team


                  Sun 23 April 2017

Security

Testing Cordova Applications

Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (su...

Ostorlab Team


                  Thu 24 November 2016

Security

Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?

Before we get into SQL injections and what might go wrong, we'll start by covering some technical...

Ostorlab Team


                  Thu 03 November 2016

Engineering

Android external libs!

For an Android developer, it has become standard practice to use external libraries to easily extend the functionalities of the mobile application . Thanks to Gradle easy dependency integration, features like HTTP frameworks, database ORM, fancy scrolling, efficient image loading, caching, social network integration and many others can be added easily.

Ostorlab Team


                  Tue 01 November 2016

Security

Vulnerabilities tested by Google Play Store

Google will start identifying security weaknesses in Apps pushed to the Play Store...

Ostorlab Team


                  Mon 05 September 2016

Latest posts

Security

New in Android M and N: Runtime Permissions

In Android, the permission system was one of the major security concerns of the platform for many reasons...

Ostorlab Team


                    Fri 27 May 2016

Security

Android SSL certificate pinning to prevent Man-in-the-middle attack

Implementing SSL certificate pinning in mobile apps to secure the communication between the user's device and the backend

Ostorlab Team


                    Wed 11 May 2016

Security

Reversing JNI, or how Facebook is crashing their own application

Apparently Facebook is crashing their apps intentionally in order to test users reaction and evaluate their adherence to Facebook service. This post is however not about the user's behavioral analysis, but about the technical aspects of how it is done - or just an excuse to dive into JNI reversing.

Ostorlab Team


                    Thu 07 January 2016

Security

Best SSL/TLS resources (Attacks, Tools, Talks)

This article will reference the best current resources on SSL/TLS.

Ostorlab Team


                    Tue 25 August 2015

Changelog

View all changes

2 of 2

android

Finding security bugs in Android applications the hard way

New Taint Engine ... more vulnerabilities found

Testing Cordova Applications

Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?

Android external libs!

Vulnerabilities tested by Google Play Store

Latest posts

New in Android M and N: Runtime Permissions

Android SSL certificate pinning to prevent Man-in-the-middle attack

Reversing JNI, or how Facebook is crashing their own application

Best SSL/TLS resources (Attacks, Tools, Talks)

Changelog

Subscribe to the Ostorlab Newsletter