Tag

security

This update introduces support for scanning apps using iOS TestFlight, Slack Integrations, support for scanning web apps with an SBOM, and other improvements.

Product

Integrations, Dynamic analysis improvements, and a new standard support

This update introduces multiple new integrations with CI/CD pipelines, improvements to dynamic traces interception & analysis, support for the MASVS v2.0.0 standard, and many bug fixes.

Mon 27 May 2024

Engineering

🚀 OXO v1.0!

OXO version 1.0, is 10x times faster, supports ARM64 architectures, and is packed with improved capabilities like scanning multiple assets, simpler and powerful CLI.

Mon 29 April 2024

Product

Discovering & Monitoring Mobile Applications Attack Surface with Ostorlab

The article introduces Ostorlab Attack Surface Discovery as a solution for discovering and continuously monitoring mobile applications, alleviating the manual burden on security teams. It outlines steps for adding applications to an inventory, configuring monitoring rules, and emphasizes the platform's ability to streamline mobile application security management.

Tue 26 March 2024

This article examines the security of mobile banking applications in North America, uncovering widespread vulnerabilities and the urgent need for enhanced cybersecurity measures. It highlights the fast-paced technological advancements in the sector, alongside challenges such as supply chain vulnerabilities and the adoption of potentially insecure programming practices.

In this article we will Discover essential tools and empirical insights for identifying critical, high-severity, and actively exploitable vulnerabilities sourced from reputable platforms like CISA KEV, Google’s Tsunami, and the innovative Ostorlab’s Asteroid Project.

Latest posts

New OWASP Mobile Top 10

Release of new OWASP Mobile Top 10 with improvements, updates and a behind the scenes.

Mon 27 November 2023

Ostorlab's Victory at the Swiss Cyber defence Security Challenge 2023

Ostorlab clinches the top spot in the Swiss Cyber defense Security Challenge, showcasing their commitment to advancing application security automation.

Fri 10 November 2023

One Scheme to Rule Them All: OAuth Account Takeover

This article delves into the exploitation of OAuth account takeover using app impersonation through custom scheme hijacking, an overlooked vulnerability pattern affecting most OAuth providers and consequently many popular applications including apps with over 1B downloads.

Tue 17 October 2023

Security Enhancements, Compliance Mapping, and User Experience Upgrades

New release brings advanced security measures, compliance mapping, and user experience enhancements, including URL injection and OAuth account takeover detection, PCI/GDPR compliance mapping, and a 10x speedup in secret detection. Enjoy improved PDF reports, a new ticket/remediation UI, and better search capabilities.

Fri 13 October 2023

August Fix-it!

During our recent Fix-It Week 🛠️😃, our dedicated team put in a tremendous effort to address and resolve over 107 issues affecting our systems.

Tue 08 August 2023

ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter

Recent in-depth investigations reveal serious vulnerabilities discovered in widely-used zip packages in Flutter and Swift, posing serious security risks for thousands of developers and applications. Our article delves into the technical aspects of these vulnerabilities, explaining their discovery, implications and mitigation strategies.

Fri 04 August 2023

Extended Dependency Detection

Ostorlab now supports uploading an SBOM or Lockfile for extended dependency detection.

Tue 18 July 2023


Previous
1 of 3