Tag

security

Ostorlab's Privacy Scan automatically detects mismatches between what your app's privacy policy says and what it actually does. This comprehensive analysis of policy text, permissions, code, and UI elements helps mobile developers avoid compliance violations and build user trust through accurate privacy practices.

Product

Ostorlab Security Scanner GitHub Integration

The Ostorlab Security Scanner GitHub Integration enhances mobile app development workflows by embedding automated security directly into the CI/CD pipeline. It offers a GitHub Action for scanning mobile application on every code push. It adds inline vulnerability insights directly to pull requests, highlighting the exact code changes that introduced issues and suggesting one-click fixes developers can apply without leaving GitHub.

Wed 21 May 2025

Product

Scan, Sync, Remediate: Ostorlab Meets Vanta for Faster Audits

This article announces the new integration between Ostorlab and Vanta, explains how it works, outlines the setup process, and highlights the key benefits for security and compliance teams.

Tue 20 May 2025

Product

Expanded Privacy Analysis, Attack Surface Profiling, and GitHub Source Mapping Improvements

Ostorlab's May 2025 update delivers comprehensive privacy analysis capabilities with 21 new data collection

Mon 12 May 2025

A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.

Latest posts

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Wed 16 October 2024

Threat Center v2: 🚨 Staying Ahead of Vulnerabilities 🛡️

The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.

Thu 10 October 2024

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Thu 10 October 2024

Actively Exploited CVE-2022-21445, Deep Dive

The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.

Wed 25 September 2024

Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.

Thu 12 September 2024

OXO Titan UI: Simplifying Security Scanning for Everyone

OXO Titan UI encapsulates OXO's capabilities within an accessible interface, democratizing advanced security scanning techniques. This article explores OXO Titan's journey from concept to reality, highlighting its key features and presenting a practical user workflow example.

Mon 26 August 2024

Advanced Techniques for Bypassing 4xx Errors

Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.

Mon 05 August 2024

CVE-2024-5315 Dolibarr SQL Injection Investigation

CVE-2024-5315, an actively exploited Dolibarr SQL Injection with in incorrect patched-in version.

Sun 14 July 2024


Previous
1 of 4