pentest
Top 10 Mobile Pentesting Tools in 2026
We work with mobile apps every day, and over time we’ve found a list of open-source tools that consistently make our testing more powerful, faster and fun. In this article, we’ve highlighted 10 mobile app pentesting tools we love using everyday.
Fri 27 February 2026
8 Open-Source AI Pentest Tools for Security Teams in 2026
This article lists eight (8) open-source AI pentest tools. It covers how autonomous agents are po...
Fri 30 January 2026
That Time a Zero (could have) Broke the Internet's Plumbing (CVE-2026-0915)
An AI-assisted analysis uncovered a 30-year-old uninitialized buffer vulnerability in glibc's _ns...
Wed 21 January 2026
Javascript Interface Exposure
Ostorlab's Pentest Engine identified a JavaScript bridge exposure in an Android WebView, allowing...
Wed 07 January 2026
AI Pentest Engine Discovers Critical WebSocket BFLA in GraphQL Subscriptions
Ostorlab's AI Pentest Engine systematically uncovered a critical Broken Function-Level Authorization (BFLA) vulnerability in a GraphQL WebSocket endpoint, allowing unauthenticated access to a real-time translation service. This case study details the AI's step-by-step process, from discovery to proof-of-concept.
AI Pentest Upgrades, ServiceNow Integration, Redesigned Email Notifications, and Enhanced Platform Controls
This release delivers major advancements across the Ostorlab platform, including a significant upgrade to AI Pentest, enhanced web and mobile automation, a full-featured ServiceNow integration, redesigned email notifications, improved threat intelligence capabilities, and comprehensive access control enhancements with role and owner-based permissions.
Latest posts
AI Engine Triggers Account Takeover via API Version Confusion
Methodical analysis beats blind fuzzing as Ostorlab's AI engine discovers cross-version password reset weakness and achieves account takeover without email access.
Mon 15 December 2025
Uncovering a Second-Order Data Exfiltration Chain in Modern SPAs
How a second-order client-side data exfiltration chain was discovered in a modern SPA, transforming a simple open redirect into a multi-stage data theft vulnerability through JavaScript analysis and exploit chain validation.
Wed 10 December 2025
Ostorlab AI Pentest Engine: How it Works
Technical deep dive into Ostorlab AI Pentest Engine inner working, from threat intelligence, risk identification, mobile support to vulnerability validation.
Mon 27 October 2025
Going Beyond: Ostorlab AI Engine Discovers Unknown Vulnerability Classes
Ostorlab’s reasoning-driven AI engine breaks past rule-based limits to surface previously unknown and hard-to-detect vulnerabilities—including WebView Safe Browsing bypasses, SQLi via projections, WebCrypto key exfiltration, and JWT verification ordering flaws—delivering deeper, smarter, complementary security coverage.
Mon 13 October 2025
AI-Powered Pentesting: A Deep Dive into Android Intent Redirection
This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android application for Intent Redirection vulnerabilities. Follow the engine's journey from static analysis and initial findings to rigorous dynamic validation, demonstrating its ability to not only identify potential threats but also to meticulously discard false positives.
Sun 31 August 2025
Flutter Reverse Engineering and Security Analysis
Article on Static and Dynamic analysis techniques for Reverse engineering Flutter Applications. The article goes over runtime patching, custom ABI interception and traffic interception.
Thu 15 June 2023
What every pentesters should learn in 2016
The last years have come with meaningful changes in the way IT professionals operate and the way we approach security...
Sat 02 January 2016