Documentation
Welcome to the Ostorlab documentation! These pages cover what Ostorlab is, how to get started using it, and reference materials for its features.
What is Ostorlab?
Ostorlab is a security testing tool for Mobile (Android and IOS), Web and Attack Surface powered by an Open-Source engine. Ostorlab addresses the full cycle of vulnerability management, from inventory, asset discovery, scanning, monitoring, policy definition and enforcement up to remediation.
Get started
Discover, Scan, Fix!
Ostorlab helps through the whole journey. Start by discovering and managing your infrastructure and external assets. Run scans for the critical ones and analyze and aggregate the vulnerabilities.
Integrate with your CI/CD pipelines, and finally set monitoring rules to trigger scans with every change.
Explore the full story
Discover your Assets
Manage your attack surface and discover all of your assets, especially those you don't know about.
Scan your important Assets
Run scans on your Mobile Applications, Web Applications & APIs, and Networks, All in the same platform.
Analyze & understand
Follow your code Call Traces, API calls, and traffic. Get into the Attacker's shoes and see exactly what they would see.
Fix vulnerabilities
Aggregate vulnerabilities into tickets, assign them to developers, set timelines, and let Ostorlab verify the fixes.
Monitor your infrastructure
Effortlessly & automatically trigger a scan with every change, from a new application release to an API schema change.
Integrate
Integrate Ostorlab to your CI/CD pipeline in Jenkins, Github, or GitLab and make sure your applications are secure before being shipped.