CVE-2022-42889 is a vulnerability in the Apache Commons Text Library caused by string interpolation abusing powerful handlers and present in popular application like Amazon Shopping, Udemy and Grammarly. This article goes over the applicability and risk of this vulnerability for Mobile Applications.


New Dashboard, Better Insights

As a reflection of the many new capabilities and changes we have made, we have released a new dashboard providing better insights into an organization's security posture.

Thu 20 October 2022


OWASP Mobile Application Verification Standard Support

The Mobile Application Security Verification Standard is an important step toward building secure Mobile Applications. Ostorlab now adds support for generating compliance report for L1, L2 and Resilience levels.

Tue 04 October 2022


Improved Attack Surface Discovery, Mobile and Web Security Scanning

Largest release with improvements to Attack Surface, Open-Source, Mobile and Web scanning and much much more.

Thu 18 August 2022

What is the impact of Log4j vulnerability on mobile applications

Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and more….

Latest posts

Ostorlab detects Dependency Confusion

Dependency Confusion is a new attack with high severity impact. This article is an overview of the vulnerability as well as other supply chain attacks.

Wed 03 March 2021

Finding superhuman XSS polyglot payloads with Genetic Algorithms

The following article is a technical deep dive into how genetic algorithms can be leveraged to create superhuman XSS polyglot payloads.

Mon 01 March 2021

Ostorlab adds Web Security Scanning to its arsenal

Ostorlab is adding Web Security Scanner to its arsenal with novel approaches to vulnerability discovery.

Mon 15 February 2021

Security, what opportunities and challenges for 2019?

Use the start of the year to contemplate how the previous year went, and prepare for the upcoming is an important exercise to put things into perspective and reevaluate some of our choices.

Mon 07 January 2019

DOM XSS Fuzzing strategies - Part 1

XSS are still by far the most common tyope of vulnerabilities, this article presents strategies to automate the search for XSSes.

Sat 22 December 2018

New Features and Roadmap

The last few months, Ostorlab team has been hard at work adding exciting new features. Some of these have already hit production, or will do so in the upcoming weeks and months.

Thu 20 September 2018

What every pentesters should learn in 2016

The last years have come with meaningful changes in the way IT professionals operate and the way we approach security...

Sat 02 January 2016