Documentation
Ostorlab - Application Security Testing
Initializing search
Login
Demo
Home
Getting Started
Copilot
Scanning
Attack Surface
Policies & Remediation
Integrations & API
Organisation
Plans
Security & Privacy
FAQ
Ostorlab Docs
A comprehensive guide to using Ostorlab.
Getting Started
Getting Started
Dashboard
Copilot
Copilot
Copilot Examples
Copilot FAQ
Scanning
Scan Profiles
Run a scan
Manage Scans
View more...
Attack Surface
Discovery
AI Agent Attack Surface Discovery
Data
View more...
Policies & Remediation
Policies
Integrations & API
API
Organisation
Setup
Users
Settings
Plans
Add Plan
Transfer plans
Security & Privacy
Security
Privacy
Knowledge Base
FAQ
FAQ
Documentation
Home
Getting Started
Getting Started
Getting Started
Dashboard
Dashboard
Overview
Scans & Risk
Remediation
Inventory & Attack Surface
Remediation Calendar
Copilot
Copilot
Copilot
Copilot Examples
Copilot FAQ
Scanning
Scanning
Scan Profiles
Scan Profiles
Mobile Scan Profiles
Web Scan Profiles
Network Scan Profile
Autodiscovery Scan Profile
Run a scan
Run a scan
Scan a Mobile Application from the Store
Scan an iOS Mobile Application using TestFlight
Whitelist domains in mobile scans
Scan a Web Application
Authenticated Web Application Scan
Authenticated Scans
Scans with SBOM or Lockfile
Scan Networks
Scan Assets from the inventory
Scan with custom config
Scan Web App with Chrome's Recorder Puppeteer Script
Scan with extra custom Agents
How to add a new agent with a private repository
Manage Scans
Manage Scans
Stop Scan
Archive Scan
Report
Report
Generate PDF report
Risk Rating
Change Risk Rating
Analysis
Analysis
IDE
Check Call Coverage
Monitoring
Monitoring
Monitoring
Create Monitoring Rule
Whitelist domains in mobile application monitoring rules
On-prem Scanners
On-prem Scanners
Run a scan
Attack Surface
Attack Surface
Discovery
AI Agent Attack Surface Discovery
Data
Monitoring
Search and Navigation
Inventory
Inventory
Add Assets
Discover Assets
Edit Potential Owners
Bulk Import Assets
Edit Assets
Delete Asset
Filter by Asset
Exclude Asset
Advanced Search syntax
Graph
Graph
Share a Graph
Location
Location
Add Location
Owners
Owners
Add Owner
Policies & Remediation
Policies & Remediation
Remediation
Remediation
Ticketing
Ticketing
Guide
Create Ticket
Comment on Ticket
Add a Checklist to a Ticket
Configure Patching Policy
Vulnerabilities and Tickets Management
Identify the Location of a Vulnerability from a ticket
Ticket Aggregation
Ticket Aggregation
How it works?
Configure Aggregation based on the platforms
Configure Aggregation based on the applications IDs
Views
Views
Timeline
Policies
Policies
Automation Rules
Integrations & API
Integrations & API
Integrations
Integrations
CI/CD
CI/CD
GitHub
GitLab
Jenkins
Azure DevOps
App Center
CircleCI
Bitbucket
GoCD
TeamCity
Slack
Vanta
Ticketing
Ticketing
Jira
SSO
SSO
Guide
Saml with Azure Active Directory
Saml with Google Workspace (formerly G Suite)
Saml with Okta
Saml with OneLogin
API
API
GraphQl API
Organisation
Organisation
Setup
Setup
Create Organisation
Users
Users
User Roles
Add Users
Switch Organisation
Modify User Permissions
Disable email notifications
Settings
Settings
Add Two-factor authentication device to your account
Plans
Plans
Add Plan
Transfer plans
Security & Privacy
Security & Privacy
Security
Security
Mobile App Security Testing
Streamlining Mobile App Security in the SDLC with Ostorlab
Detection
Platform Support
Security at Ostorlab
Vulnerability Disclosure
Network IPs for Scanning and Integrations
Privacy
Privacy
Privacy Policy Analysis
Knowledge Base
Knowledge Base
Debug mode enabled
Debug Symbols Present in the Android Application
ELF binaries do not enforce secure binary properties
Facebook React development settings exposed
Attribute hasFragileUserData not set
Insecure Network Configuration Settings
Unused permissions (overprivileged)
Application code not obfuscated
Remote Command Execution
Notification Spoofing
Android Package Context created without security restrictions
Exported activities, services and broadcast receivers list
Application prevents taking screenshots
List of JNI methods
APK attack surface
Application certificate information
Classes list
Hardcoded strings list
Recorded calls to dynamic code loading API
Recorded calls to command execution API
Recorded calls to Crypto API
Recorded calls to FileSystem API
Recorded calls to Hash API
Recorded calls to HTTP API
Recorded calls to Intent API
Recorded calls to Inter-Process-Communication (IPC) API
Recorded calls to logging API
Recorded calls to Process API
Recorded calls to Serialization API
Recorded calls to Shared Preferences API
Recorded calls to SQLite query API
Recorded calls to TLS Pinning API
Recorded calls to TLS API
Recorded calls to dangerous WebView settings API
Implementation of a FileObserver
APK files list
Hardcoded SQL queries list
Hardcoded urls list
Declared permissions list
Android Manifest
Obfuscated methods
Implementation of a WebViewClient
Broadcast receiver dynamic registration
Call to Android Security API
Call to Bluetooth and BLE API
Call to Crypto API
Call to delete file API
Call to dynamic code loading API
Call to command execution API
Call to External Storage API
Call to Inter-Process-Communication (IPC) API
Call to logging API
Call to native methods
Call to Random API
Call to Reflection API
Call to Socket API
Call to SQLite query API
Call to TLS API
Call to dangerous WebView settings API
Call to XML parsing API
Call to ZIP API
Expansion APK enabled
Attribute requestLegacyExternalStorage set
Task Hijacking
Undeclared Permissions
Attribute usesCleartextTraffic set
Deprecated Target API Version
Intent Spoofing
Android Sensitive data stored in keyboard cache
Application signed with an expired certificate
Facebook SDK debug mode enabled
Insecure File Provider Paths Setting
Abuse of mobile network connection
Android Class Load Hijacking
addJavaScriptInterface Remote Code Execution.
Webview Remote Debugging Enabled
Implicit PendingIntent
Use of an insecure Bluetooth connection
Android Class Loading Hijacking
Insecure Shared Preferences Permissions
Insecure Register Receiver Flag
Intent Redirection
File Path Traversal
Redis Library detected
Webview loadurl injection
Backup mode enabled
Services declared without permissions
Source to Sink
Backup mode disabled
Application checks rooted device
Debug mode disabled
Secure Network Configuration Settings
Dependency Confusion
Use of Deprecated Component
Memory Leak
Biometric Authentication Without Cryptographic Binding
Format String Vulnerability
Insecure JWT Signature Validation
Domain name and IP address reputation report
VirusTotal scan flagged malicious asset(s) (MD5 based search)
Tapjacking Vulnerability
Template Injection
Mobile WiFi API Personal Identifiable Information concerns
XPath Injection Vulnerability
Obfuscated Flutter code
List of calls to dangerous low-level C functions
Calls to Privacy API
Cryptographic Vulnerability: Insecure Algorithm
Cryptographic Vulnerability: Insecure mode
Use non-random initialization vector (IV)
Insecure Random Seed
Use of Outdated Vulnerable Component
Process crashes
Regular expression denial of service
Biometric Authentication Bypass
Collection of Users' Crash Logs without Consent
Collection of Users' Purchase History in Privacy Policy
Collection of Users' Text Messages in Privacy Policy
Contacts Data Type Declaration Mismatch
Contact Information missing in Privacy Policy
Cryptographic Vulnerability: Hardcoded Key
Device ID Data Type Declaration Mismatch
Health and Biometric Data Type Declaration Mismatch
HTML Injection Vulnerability
In-App Search History Collection in Privacy Policy
Insecure Dynamic Library Loading
Insecure hostname validation check
Insecure password storage
Insecure Filesystem Access
Insecure Storage of Application Data
Credentials exposed in logs
Credentials exposed in URLs
Personally Identifiable Information (PII) Leakage
Missing Declaration of Approximate Location Collection in Privacy Policy
Missing Declaration of Contact Collection in Privacy Policy
Missing Declaration of Device or Other IDs Collection in Privacy Policy
Missing Declaration of Email Address Collection in Privacy Policy
Missing Declaration of Email Collection in Privacy Policy
Missing Declaration of Health Info Collection in Privacy Policy
Missing Declaration of Installed Apps Collection in Privacy Policy
Missing Declaration of Phone Number Collection in Privacy Policy
Missing Declaration of Photo Collection in Privacy Policy
Missing Declaration of Precise Location Collection in Privacy Policy
Missing Declaration of User Files Collection in Privacy Policy
Missing Declaration of Video Collection in Privacy Policy
Missing Declaration of Voice or Sound Recording Collection in Privacy Policy
Missing Declaration of Web Browsing History Collection in Privacy Policy
Missing GDPR Rights Reference in Privacy Policy
Missing Legal Basis in Privacy Policy
Missing Mention of Users' Right to Know in Privacy Policy
Missing Mention of User Data Access in Privacy Policy
Missing Mention of User Data Correction Rights in Privacy Policy
Missing Mention of User Data Deletion in Privacy Policy
Missing Opt-out Information in Privacy Policy
Missing Privacy Policy Disclosure for Calendar Events Collection
Missing Privacy Policy Disclosure for Fitness Info Collection
Missing Privacy Policy Link
Missing Third-Party Sharing Information in Privacy Policy
OAuth Account Takeover by hijacking custom schemes
Phone Number Data Type Declaration Mismatch
PII Categories Data Type Declaration Mismatch
PII Data Type Declaration Mismatch
Precise Location Data Type Declaration Mismatch
Privacy Policy CCPA Rights Reference missing
Privacy Policy Data Retention Description
Privacy Policy Personal Data Categories Disclosure mismatch
Sensitive Information Data Type Declaration missing
Mobile SQL Injection Vulnerability
Text Messages Data Type Declaration Mismatch
User Account Info Data Type Declaration Mismatch
User ID Collection in Privacy Policy
Cryptographic Vulnerability: Weak Hashing Algorithm
XML Injection
ZIP Vulnerabilities: Path Traversal, Zip Symbolic Link, and Zip Extension Spoofing
Port open on device
Continuous collection of GPS location
Secret information stored in the application
URL Manipulation
Secure Collection of Users' Crash Logs without Consent
Secure Collection of Users' Purchase History in Privacy Policy
Secure Collection of Users' Text Messages in Privacy Policy
Contacts Data Type Declaration Match
Contact Information Present in Privacy Policy
Declaration of Approximate Location Collection in Privacy Policy
Declaration of Contact Collection in Privacy Policy
Declaration of Device or Other IDs Collection in Privacy Policy
Declaration of Email Address Collection in Privacy Policy
Declaration of Email Collection in Privacy Policy
Declaration of Health Info Collection in Privacy Policy
Declaration of Installed Apps Collection in Privacy Policy
Declaration of Phone Number Collection in Privacy Policy
Declaration of Photo Collection in Privacy Policy
Declaration of Precise Location Collection in Privacy Policy
Declaration of User Files Collection in Privacy Policy
Declaration of Video Collection in Privacy Policy
Declaration of Voice or Sound Recording Collection in Privacy Policy
Declaration of Web Browsing History Collection in Privacy Policy
Device ID Data Type Declaration Match
GDPR Rights Reference Present in Privacy Policy
Health and Biometric Data Type Declaration Match
Secure In-App Search History Collection in Privacy Policy
Legal Basis Present in Privacy Policy
Mention of Users' Right to Know in Privacy Policy
Mention of User Data Access in Privacy Policy
Mention of User Data Correction Rights in Privacy Policy
Mention of User Data Deletion in Privacy Policy
Opt-out Information Present in Privacy Policy
Phone Number Data Type Declaration Match
PII Categories Data Type Declaration Match
PII Data Type Declaration Match
Precise Location Data Type Declaration Match
Privacy Policy CCPA Rights Reference are Present
Proper Privacy Policy Data Retention Description
Privacy Policy Disclosure for Calendar Events Collection is Present
Privacy Policy Disclosure for Fitness Info Collection is Present
Privacy Policy Link is Present
Privacy Policy Personal Data Categories Disclosure match
Secure domain name and IP address reputation report
Secure Virustotal malware analysis (MD5 based search)
Sensitive Information Data Type Declaration is Present
Text Messages Data Type Declaration Match
Third-Party Sharing Information in Privacy Policy is Present
User Account Info Data Type Declaration Match
Secure User ID Collection in Privacy Policy
Unclaimed Cocoapods Vulnerability
Malformed ATS Configuration
Automatic Reference Counting (ARC) not enforced
Address Space Layout Randomization (ASLR) not enforced
Stack smashing protection not enforced
iOS URL Scheme Injection
IPA contains only bitcode
Mach-O encrypted
Mach-O entitlements
IPA files list
IPA Frameworks list
IPA Plist files
IPA symbol table
URL Scheme list
Strings Bplist files
Debug Symbols Present in the IOS Application
iOS Sensitive data stored in keyboard cache
iTunes UI File Sharing Enabled
Insecure Keychain Storage
Missing privacy manifest file
Insecure App Transport Security (ATS) Settings
iOS URL Scheme Hijacking
Application implements anti-debug techniques
Privacy manifest files
No sensitive data stored outside App
Insecure whitelist configuration
Source Map Code Leak
Cordova debug mode enabled
Cordova Cross-Site Scripting (XSS)
Insecure whitelist
Public AWS S3 bucket with file listing enabled
Secure Firebase Database Permissions
DNS Check: SPF, DKIM, DMARC, and BIMI Validation
DNS High TTL Values
DNS Vulnerability: Dangling Domain Records
DNS Information Disclosure
DNS MX Record Misconfiguration
DNS Vulnerability: Malicious Content in TXT Records
Unrestricted DNS Zone Transfers
Missing or misconfigured DNSSEC
MTA-STS Misconfiguration
Subdomain Takeover
External DNS interaction
Network Port Scan
Raccoon Attack on SSL/TLS
TLS_FALLBACK_SCSV Not Supported
Weak Cipher Suites Supported
Weak Message Authentication Code (MAC) Algorithms Supported
CERTIFICATE_EXPIRED
SSL/TLS Certificate Hostname Mismatch
Forward Secrecy Not Implemented
Outdated SSL/TLS Protocols Supported
ALPACA Attack in SSL/TLS
Backdoored Cryptographic Algorithms in SSL
Lucky Thirteen Vulnerability in SSL/TLS
Weak Cryptographic Key and Signature Algorithm in SSL/TLS Certificate
SSL/TLS Certificates Expiring Soon
Bleichenbacher Attack on RSA Encryption
SSL Extension Bleed Vulnerability
Account Takeover Vulnerability
Code Injection
Command Injection
Expression Language (EL) Injection
File inclusion vulnerability
NoSQL Injection
Server-side template injection (SSTI)
Server Side Inclusion
SQL injection
Unrestricted file upload
XPath Injection
XML External Entity (XXE) Injection
Cookie missing security attributes
Insecure HTTP Header Setting: Content Security Policy (CSP)
Insecure HTTP Header Setting: Content-Type
Insecure HTTP Header Setting: HTTP Strict Transport Security (HSTS)
Insecure HTTP Header Setting: Insecure Referrer Policy
Insecure HTTP Header Setting: X-Frame-Options
Insecure HTTP Header Setting: X-XSS-Protection Header
Strict-Transport-Security (HSTS) not enforced
CRLF Injection
Publicly exposed Firebase Database
Insecure Authorization Restriction
Insecure Direct Object Reference
LDAP Injection
Heartbleed (CVE-2014-0160)
Insecure TLS certificate validation (accept self-signed certificate)
Insecure Object Serialization
Path Traversal
Web XML Injection
Cross-Site Scripting (XSS)
GraphQL Schema Traversal Paths
TLS/SSL Server Configuration Settings
Generic Web Entry
Interesting response
Django Debug Mode Enabled
Brute Force Login Using Alias Batching in GraphQL API
GraphQL Tracing Enabled
HTTP Method Manipulation in GraphQL
Username enumeration
Insecure HTTP Header Setting
Array-Based Batch Queries
CORS Misconfiguration Vulnerability
Insecure Cross-Origin Resource Sharing (CORS) policy
Field Duplication in GraphQL API
Alias Overloading in GraphQL API
Circular Fragment in GraphQL
GraphQL Circular References
GraphQL Debug Mode Enabled
Directive Overloading in GraphQL API
Object Limit Overriding in GraphQL
Insecure TLS Certificate Validation
Anonymous unauthenticated server accepted
Use of deprecated TLS/SSL protocol version
Clear text HTTP request
Insecure TLS Ciphers supported
Insecure TLS certificate domain name validation
HTTP Host Header Poisoning
Insecure Access Control
GraphQL Authorization Misconfiguration
Secret information transmitted over the network
Enforcer proper authentication
Secure Cross-Origin Resource Sharing (CORS) Policy
Secure Content Security Policy
Secure HTTP Header Settings
Secure HTTP Strict Transport Security (HSTS) Implementation
Secure HTTP Header Setting: Secure Referrer Policy
Secure Cookie Implementation
Secure TLS certificate validation
Assign a unique name and/or number for identifying and tracking user identity
FAQ
