GRC Viewpoint

OSTORLAB: Addressing Industry-Specific Challenges through Holistic and Comprehensive Mobile Applications Security Solutions

Alaeddine Mesbahi
Co-Founder

Amine Mesbahi
Co-Founder

“Ostorlab’s success is driven by the quality of the platform and the richness of features and capabilities it provides. For example, we have no sales team, and we don’t send cold emails or do cold calls. Instead, our product is our main ambassador through its community version”

A fast-growing Asian healthcare startup was searching for a vulnerability management strategy tailored to its specific problems. Its products include mobile applications that process critical data. After an extensive search, the startup settled on Ostorlab, a Delaware, US-based mobile security testing automation platform. Ostorlab proposed a three-stage approach. The first stage was evaluating the security of the startup's products to identify and fix important privacy and security issues. The next step was to earn the necessary validations and certifications from customers and government entities during audits.

The last phase was about integrating current projects with CI/CD pipelines to keep the iteration cycle fast. There was also a focus on reducing the overall cost of fixing vulnerabilities. Founded in 2020, Ostorlab helps enterprises automate security to protect their users and themselves, and to unblock revenue growth that depends on security reviews. The firm has an impressive clientele: the third biggest bank in the United States, several Fortune 500 firms, the largest encryption firm in the world, and industry leaders across sectors including construction, luxury goods, and manufacturing.

An Industry-Specific Approach

The number of customers relying on mobile devices to visit websites is increasing steadily. As a result of such trends, mobility is gaining prominence across sectors. With mobility, location and time are no longer limiting factors. Also, cyber-attacks are on the rise, and security policies are often being violated. These trends are surfacing as market drivers, and the mobile application security sector is anticipating colossal growth.

Yet mobile application security and privacy testing platforms face a number of urgent challenges, including:

• Determining an enterprise’s attack surface.
• Effectively managing an enterprise’s assets.
• Carrying out in-depth vulnerability detection.

The industry urgently needs intelligent remediation capabilities that integrate with CI/CD pipelines, along with comprehensive, holistic solutions that address these industry-specific challenges. Ostorlab has delivered such solutions to meet these demands.

“Ostorlab’s success is driven by the quality of the platform and the richness of features and capabilities it provides. For example, we have no sales team, and we don’t send cold emails or do cold calls. Instead, our product is our main ambassador through its community version”, says Alaeddine MESBAHI, Co-founder and CEO.

Staying Ahead of the Competition

Ostorlab enables customers to tackle complex challenges in securing their mobile applications. Those challenges include simplifying highly complex mobile security testing, bridging the gap in mobile security talent, and unlocking revenue growth that depends on security vetting. The product-driven approach to creating demand is a differentiating aspect of the company.

“We believe that users should be able to test a product before adopting it. We have implemented vital capabilities to make life easier for our users: like scanning applications directly from mobile stores in any country, automating device interaction during dynamic testing, supporting a wide range of authentication schemes that mimic human interaction, providing a graphical visualization of all test scenarios during dynamic testing, and the list goes on”, adds MESBAHI.

Currently, the Ostorlab community platform is used by over 8k users and has reported over 8 million vulnerabilities. Of these, more than 10k issues are of high severity. The company is led by vulnerability management veterans. As a result, awareness of the fundamental issues security teams face on a day-to-day basis has been a crucial factor in Ostorlab’s success.

The Roadmap

“Ostorlab’s focus over the next 12 months is helping security teams build rock-solid confidence in their apps’ security posture by providing them with information to prioritize their remediation efforts and evaluate their risk exposure. We aim to achieve that by improving detection and increasing visibility into Mobile Application’s attack surface”, continues MESBAHI.

Ostorlab is confident that with these strategies, security experts will be able to draw conclusions quickly. For instance, it will be easy to determine whether particular dependencies are outdated, whether vulnerable methods are reachable or not, and whether they pose a risk.