security
OXO Titan UI: Simplifying Security Scanning for Everyone
OXO Titan UI encapsulates OXO's capabilities within an accessible interface, democratizing advanced security scanning techniques. This article explores OXO Titan's journey from concept to reality, highlighting its key features and presenting a practical user workflow example.
Mon 26 August 2024
Advanced Techniques for Bypassing 4xx Errors
Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about th...
Mon 05 August 2024
CVE-2024-5315 Dolibarr SQL Injection Investigation
CVE-2024-5315, an actively exploited Dolibarr SQL Injection with in incorrect patched-in version.
Sun 14 July 2024
iOS TestFlight scan, Slack Integrations and other improvements
This update introduces support for scanning apps using iOS TestFlight, Slack Integrations, suppor...
Mon 10 June 2024
Integrations, Dynamic analysis improvements, and a new standard support
This update introduces multiple new integrations with CI/CD pipelines, improvements to dynamic traces interception & analysis, support for the MASVS v2.0.0 standard, and many bug fixes.
🚀 OXO v1.0!
OXO version 1.0, is 10x times faster, supports ARM64 architectures, and is packed with improved capabilities like scanning multiple assets, simpler and powerful CLI.
Latest posts
Discovering & Monitoring Mobile Applications Attack Surface with Ostorlab
The article introduces Ostorlab Attack Surface Discovery as a solution for discovering and continuously monitoring mobile applications, alleviating the manual burden on security teams. It outlines steps for adding applications to an inventory, configuring monitoring rules, and emphasizes the platform's ability to streamline mobile application security management.
Tue 26 March 2024
Security Landscape of Mobile Banking Applications in North America
This article examines the security of mobile banking applications in North America, uncovering widespread vulnerabilities and the urgent need for enhanced cybersecurity measures. It highlights the fast-paced technological advancements in the sector, alongside challenges such as supply chain vulnerabilities and the adoption of potentially insecure programming practices.
Tue 19 March 2024
Known Exploitable Vulnerabilities: Catching them all
In this article we will Discover essential tools and empirical insights for identifying critical, high-severity, and actively exploitable vulnerabilities sourced from reputable platforms like CISA KEV, Google’s Tsunami, and the innovative Ostorlab’s Asteroid Project.
Wed 10 January 2024
New OWASP Mobile Top 10
Release of new OWASP Mobile Top 10 with improvements, updates and a behind the scenes.
Mon 27 November 2023
Ostorlab's Victory at the Swiss Cyber defence Security Challenge 2023
Ostorlab clinches the top spot in the Swiss Cyber defense Security Challenge, showcasing their commitment to advancing application security automation.
Fri 10 November 2023
One Scheme to Rule Them All: OAuth Account Takeover
This article delves into the exploitation of OAuth account takeover using app impersonation through custom scheme hijacking, an overlooked vulnerability pattern affecting most OAuth providers and consequently many popular applications including apps with over 1B downloads.
Tue 17 October 2023
Security Enhancements, Compliance Mapping, and User Experience Upgrades
New release brings advanced security measures, compliance mapping, and user experience enhancements, including URL injection and OAuth account takeover detection, PCI/GDPR compliance mapping, and a 10x speedup in secret detection. Enjoy improved PDF reports, a new ticket/remediation UI, and better search capabilities.
Fri 13 October 2023
Support for SBOM scan in Circleci, AzureDevOps and GitHub pipelines & support for Multi-SBOM scanning
Support for multiple.
Tue 29 August 2023
Changelog
View all changesiOS TestFlight scan, Slack Integrations and other improvements
Mon 10 June 2024
Security Enhancements, Compliance Mapping, and User Experience Upgrades
Fri 13 October 2023