android
UI call coverage release for dynamic security testing
Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.
Wed 01 September 2021
Ostorlab Nuggets in June issue 5
Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and more….
Thu 27 May 2021
Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB
This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over...
Tue 18 May 2021
5 things every mobile security professional should know about WebViews
This article is about WebViews and the security notions we need to have in mind when using these ...
Tue 18 May 2021
Finding and Validating Hardcoded Keys and Secrets
Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.
Create scans directly from the Android and iOS Store
Ostorlab now supports creating scans directly from Android Play Store and iOS App Store
Latest posts
Ostorlab Insecure Application
This article describes the usage of Ostorlab Insecure Application.
Mon 14 October 2019
New Features and Roadmap
The last few months, Ostorlab team has been hard at work adding exciting new features. Some of these have already hit production, or will do so in the upcoming weeks and months.
Thu 20 September 2018
Critical attack surface of mobile applications
the Attack Surface of mobile applications.
Wed 17 January 2018
Finding security bugs in Android applications the hard way
Ostorlab is a community effort to build a mobile application vulnerability scanner to help developers build secure mobile applications. One of the new key components of the scanner detection capabilities is a new shiny static taint engine for Android Dalvik Bytecode that was heavily optimized for performance and low false positives.
Fri 16 June 2017
New Taint Engine ... more vulnerabilities found
We have been for the last few months hard at work developing a new scan engine to identify new classes of vulnerabilities. The new scan engine is capable of identifying SQL injections, intent hijacking, insecure random seed, insecure cryptography etc.
Sun 23 April 2017
Testing Cordova Applications
Hybrid frameworks like Cordova offers the advantage of building one app for multiple platform (support for Android, iOS, Windows Phone, FireOS, FirefoxOS ...) . The framework is easy and fast to develop with and offers generally a single API for all platforms.
Thu 24 November 2016
Android, SQL and ContentProviders or Why SQL injections aren't dead yet ?
Before we get into SQL injections and what might go wrong, we'll start by covering some technical information on Content Providers...
Thu 03 November 2016