Ostorlab: Mobile App Security Testing for Android and iOS

Tag

graphql

AI Pentest Engine Discovers Critical WebSocket BFLA in GraphQL Subscriptions

Ostorlab's AI Pentest Engine systematically uncovered a critical Broken Function-Level Authorization (BFLA) vulnerability in a GraphQL WebSocket endpoint, allowing unauthenticated access to a real-time translation service. This case study details the AI's step-by-step process, from discovery to proof-of-concept.

Abderrahim Haddadi


            Fri 26 December 2025

Product

Advanced Search Query, API Endpoints, Tons of new detections, and more.

The December release introduces advanced inventory search with Python-like syntax, enhanced asset...

Ostorlab Team


                  Mon 02 December 2024

Security

Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and ...

Mouhcine Narhmouche


                  Mon 21 October 2024

graphql

AI Pentest Engine Discovers Critical WebSocket BFLA in GraphQL Subscriptions

Advanced Search Query, API Endpoints, Tons of new detections, and more.

Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities

Subscribe to the Ostorlab Newsletter