web
CVE-2024-5315 Dolibarr SQL Injection Investigation
CVE-2024-5315, an actively exploited Dolibarr SQL Injection with an incorrect patched-in version.
Sun 14 July 2024
Text4Shell (CVE-2022-42889) in Mobile Applications ... should I worry?
CVE-2022-42889 is a vulnerability in the Apache Commons Text library caused by string interpolation abusing powerful handlers, and it is present in popular applications like Amazon Shopping, Udemy and Grammarly. This article goes over the applicability and risk of this vulnerability for mobile applications.
Mon 24 October 2022
New Dashboard, Better Insights
As a reflection of the many new capabilities and changes we have made, we have released a new dashboard providing better insights into an organization's security posture.
Thu 20 October 2022
OWASP Mobile Application Verification Standard Support
The Mobile Application Security Verification Standard is an important step toward building secure mobile applications. Ostorlab now adds support for generating compliance reports for the L1, L2 and Resilience levels.
Tue 04 October 2022
Improved Attack Surface Discovery, Mobile and Web Security Scanning
Largest release with improvements to Attack Surface, Open-Source, Mobile and Web scanning and much much more.
How did we react to Log4j vulnerability? Read our analysis for mobile applications.
What is the impact of Log4j vulnerability on mobile applications
Latest posts
Ostorlab Nuggets in June issue 5
Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and more…
Thu 27 May 2021
Ostorlab detects Dependency Confusion
Dependency Confusion is a new attack with high severity impact. This article is an overview of the vulnerability as well as other supply chain attacks.
Wed 03 March 2021
Finding superhuman XSS polyglot payloads with Genetic Algorithms
The following article is a technical deep dive into how genetic algorithms can be leveraged to create superhuman XSS polyglot payloads.
Mon 01 March 2021
Ostorlab adds Web Security Scanning to its arsenal
Ostorlab is adding Web Security Scanner to its arsenal with novel approaches to vulnerability discovery.
Mon 15 February 2021
Security, what opportunities and challenges for 2019?
Using the start of the year to contemplate how the previous year went and to prepare for the upcoming one is an important exercise to put things into perspective and reevaluate some of our choices.
Mon 07 January 2019
DOM XSS Fuzzing strategies - Part 1
XSS is still by far the most common type of vulnerability. This article presents strategies to automate the search for XSSes.
Sat 22 December 2018
New Features and Roadmap
Over the last few months, the Ostorlab team has been hard at work adding exciting new features. Some of these have already hit production, or will do so in the upcoming weeks and months.
Thu 20 September 2018
What every pentester should learn in 2016
The last years have come with meaningful changes in the way IT professionals operate and the way we approach security...
Sat 02 January 2016