docs.ostorlab.co
76.76.21.142
Public Scan
Submitted URL: http://docs.ostorlab.co/
Effective URL: https://docs.ostorlab.co/
Submission: On June 10 via api from DE — Scanned from DE
Form analysis
1 forms found in the DOM
Name: search
<form class="md-search__form" name="search">
<!-- Search input -->
<input type="text" class="md-search__input search-input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required="">
<!-- Button to open search -->
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"></path>
</svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"></path>
</svg>
</label>
<!-- Search options -->
<nav class="md-search__options" aria-label="">
<!-- Button to share search -->
<!-- Button to reset search -->
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"></path>
</svg>
</button>
</nav>
<!-- Search suggestions -->
</form>
Text Content
Documentation Home Type to start searching Login Demo * Home * Getting Started * Scanning * Attack Surface * Remediation * Integrations * Organisation * Plans * Security * API * FAQ OSTORLAB DOCS A comprehensive guide to using Ostorlab. GETTING STARTED Getting Started Dashboard SCANNING Run a scan Manage Scans Report View more... ATTACK SURFACE Discovery Data Monitoring View more... REMEDIATION Ticketing Views INTEGRATIONS CI/CD Ticketing SSO ORGANISATION Setup Users Settings PLANS Add Plan Transfer plans SECURITY Mobile App Security Testing Streamlining Mobile App Security in the SDLC with Ostorlab Detection View more... API GraphQl API FAQ FAQ Documentation * Home * Getting Started Getting Started * Getting Started * Dashboard Dashboard * Overview * Scans & Risk * Remediation * Inventory & Attack Surface * Remediation Calendar * Scanning Scanning * Run a scan Run a scan * Scan a Mobile Application from the Store * Scan an iOS Mobile Application using TestFlight * Scan a Web Application * Authenticated Web Application Scan * Authenticated Scans * Scans with SBOM or Lockfile * Scan Networks * Scan Assets from the inventory * Scan with custom config * Scan Web App with Chrome's Recorder Puppeteer Script * Manage Scans Manage Scans * Stop Scan * Archive Scan * Report Report * Generate PDF report * Risk Rating * Analysis Analysis * IDE * Check Call Coverage * Monitoring Monitoring * Monitoring * Create Monitoring Rule * On-prem Scanners On-prem Scanners * Run a scan * Attack Surface Attack Surface * Discovery * Data * Monitoring * Search and Navigation * Inventory Inventory * Add Assets * Discover Assets * Edit Potential Owners * Bulk Import Assets * Edit Assets * Delete Asset * Filter by Asset * Exclude Asset * Graph Graph * Share a Graph * Location Location * Add Location * Owners Owners * Add Owner * Remediation Remediation * Ticketing Ticketing * Guide * Create Ticket * Comment on Ticket * Add a Checklist to a Ticket * Configure Patching Policy * Vulnerabilities 
and Tickets Management * Views Views * Kanban * Timeline * Integrations Integrations * CI/CD CI/CD * GitHub * GitLab * Jenkins * Azure DevOps * App Center * CircleCI * Bitbucket * GoCD * TeamCity * Slack * Ticketing Ticketing * Jira * SSO SSO * Guide * Saml with Azure Active Directory * Saml with Google Workspace (formerly G Suite) * Saml with Okta * Saml with OneLogin * Organisation Organisation * Setup Setup * Create Organisation * Users Users * User Roles * Add Users * Switch Organisation * Modify User Permissions * Disable email notifications * Settings Settings * Add Two-factor authentication device to your account * Plans Plans * Add Plan * Transfer plans * Security Security * Mobile App Security Testing * Streamlining Mobile App Security in the SDLC with Ostorlab * Detection * Platform Support * Product * Architecture * Security at Ostorlab * Vulnerability Disclosure * Knowledge Base Knowledge Base * Debug mode enabled * ELF binaries do not enforce secure binary properties * Insecure Network Configuration Settings * Application code not obfuscated * Insecure File Provider Paths Setting * Command Injection * Notification Spoofing * Use of Wifi API that contains or leaks sensitive PII * Android Package Context created without security restrictions * Exported activites, services and broadcast receivers list * Application prevents taking screenshots * List of JNI methods * APK attack surface * Application certificate information * Classes list * Hardcoded strings list * Recorded calls to dynamic code loading API * Recorded calls to command execution API * Recorded calls to Crypto API * Recorded calls to FileSystem API * Recorded calls to Hash API * Recorded calls to HTTP API * Recorded calls to Intent API * Recorded calls to Inter-Process-Communication (IPC) API * Recorded calls to logging API * Recorded calls to Process API * Recorded calls to Serialization API * Recorded calls to Shared Preferences API * Recorded calls to SQLite query API * Recorded calls to 
TLS Pinning API * Recorded calls to TLS API * Recorded calls to dangerous WebView settings API * Implementation of a FileObserver * APK files list * Hardcoded SQL queries list * Hardcoded urls list * Declared permissions list * Android Manifest * Obfuscated methods * Implementation of a WebViewClient * Broadcast receiver dynamic registration * Call to Android Security API * Call to Bluetooth and BLE API * Call to Crypto API * Call to delete file API * Call to dynamic code loading API * Call to command execution API * Call to External Storage API * Call to Inter-Process-Communication (IPC) API * Call to logging API * Call to native methods * Call to Random API * Call to Reflection API * Call to Socket API * Call to SQLite query API * Call to TLS API * Call to dangerous WebView settings API * Call to XML parsing API * Call to ZIP API * Expansion APK enabled * Debug Symbols Present in the Application * Facebook React development settings exposed * Attribute hasFragileUserData not set * Unused permissions (overprivileged) * Attribute requestLegacyExternalStorage set * Task Hijacking * Attribute usesCleartextTraffic set * Deprecated Target API Version * Intent Spoofing * Android Sensitive data stored in keyboard cache * Application signed with an expired certificate * Facebook SDK debug mode enabled * Abuse of mobile network connection * Android Class Load Hijacking * Undeclared Permissions * addJavaScriptInterface Remote Code Execution. 
* Webview Remote Debugging Enabled * Implicit PendingIntent * Use of an insecure Bluetooth connection * Android Class Loading Hijacking * Insecure Shared Preferences Permissions * Insecure Register Receiver Flag * Intent Redirection * File Path Traversal * Redis Library detected * Stack traces reveal technical information * Untrusted External Storage File Access * Webview loadurl injection * Backup mode enabled * Services declared without permissions * Source to Sink * Backup mode disabled * Application checks rooted device * Debug mode disabled * Secure Network Configuration Settings * Domain name and IP address reputation report * Secure Virustotal malware analysis (MD5 based search) * Dependency Confusion * Format String Vulnerability * CORS Misconfiguration Vulnerability * Use of Deprecated Component * Insecure hostname validation check * Insecure JWT Signature Validation * Domain name and IP address reputation report * Insecure Storage of Application Data * VirusTotal scan flagged malicious asset(s) (MD5 based search) * Protected Health Information were detected on the system * Personally Identifiable Information (PII) Leakage * OAuth Account Takeover by hijacking custom schemes * Regular expression denial of service * Tapjacking Vulnerability * Template Injection * XPath Injection Vulnerability * Obfuscated Flutter code * List of calls to dangerous low-level C functions * Calls to Privacy API * Use of Outdated Vulnerable Component * Process crashes * Biometric Authentication Bypass * Cryptographic Vulnerability: Insecure Algorithm * Cryptographic Vulnerability: Hardcoded Key * Cryptographic Vulnerability: Insecure mode * Use non-random initialization vector (IV) * HTML Injection Vulnerability * Insecure Dynamic Library Loading * Insecure password storage * Insecure Filesystem Access * Insecure Random Seed * Credentials exposed in logs * Credentials exposed in URLs * Memory Leak * Mobile SQL Injection Vulnerability * Cryptographic Vulnerability: Weak Hashing 
Algorithm * XML Injection * ZIP Vulnerabilities: Path Traversal, Zip Symbolic Link, and Zip Extension Spoofing * port open on localhost * Continuous collection of GPS location * Secret information stored in the application * URL Manipulation * Malformed ATS Configuration * Automatic Reference Counting (ARC) not enforced * Stack smashing protection not enforced * Missing privacy manifest file * iOS URL Scheme Injection * IPA contains only bitcode * Mach-O encrypted * Mach-O entitlements * IPA files list * IPA Frameworks list * IPA Plist files * IPA symbol table * URL Scheme list * Strings Bplist files * Debug Symbols Present in the Application * iOS Sensitive data stored in keyboard cache * iTunes UI File Sharing Enabled * Address Space Layout Randomization (ASLR) not enforced * Insecure App Transport Security (ATS) Settings * iOS URL Scheme Hijacking * Application implements anti-debug techniques * Privacy manifest files * No sensitive data stored outside App * Insecure whitelist configuration * Source Map Code Leak * Cordova debug mode enabled * Cordova Cross-Site Scripting (XSS) * Insecure whitelist * Public AWS S3 bucket with file listing enabled * Secure Firebase Database Permissions * Subdomain Takeover * External DNS interaction * Network Port Scan * Account Takeover Vulnerability * Code Injection * Command Injection * Expression Language (EL) Injection * File inclusion vulnerability * NoSQL Injection * Server-side template injection (SSTI) * Server Side Inclusion * SQL injection * XPath Injection * XML External Entity (XXE) Injection * Cookie missing security attributes * Insecure HTTP Header Setting: Content Security Policy (CSP) * Insecure HTTP Header Setting: Content-Type * Insecure HTTP Header Setting: HTTP Strict Transport Security (HSTS) * Insecure HTTP Header Setting: Insecure Referrer Policy * Insecure HTTP Header Setting: X-Frame-Options * Insecure HTTP Header Setting: X-XSS-Protection Header * Strict-Transport-Security (HSTS) not enforced * CRLF 
Injection * Publicly exposed Firebase Database * Insecure Direct Object Reference * LDAP Injection * Heartbleed (CVE-2014-0160) * Insecure TLS certificate validation (accept self-signed certificate) * Insecure Object Serialization * Path Traversal * XML Injection * TLS/SSL Server Configuration Settings * Interesting response * Django Debug Mode Enabled * Username enumeration * Generic Web Entry * Insecure HTTP Header Setting * Insecure Cross-Origin Resource Sharing (CORS) policy * Insecure TLS Certificate Validation * Anonymous unauthenticated server accepted * Use of deprecated TLS/SSL protocol version * Clear text HTTP request * Insecure TLS Ciphers supported * Insecure TLS certificate domain name validation * HTTP Host Header Poisoning * Insecure Direct Object Reference (IDOR) * Insecure Access Control * Unrestricted file upload * Cross-Site Scripting (XSS) * Secret information transmitted over the network * Enforcer proper authentication * Secure TLS certificate validation * Assign a unique name and/or number for identifying and tracking user identity * API API * GraphQl API * FAQ Next Getting Started Copyright © 2024 Ostorlab Security Testing Platform. Made with Material for MkDocs