RIPS 3.1: TeamCity, LDAP and JSP Support

8 Apr 2019 by Hendrik Buchwald

We are happy to announce the next release of our static application security testing solution. RIPS 3.1 adds useful features to the user interface, enables more integration options, and significantly improves the code analysis.

LogicalDOC 8.2 Path Traversal Vulnerability

26 Mar 2019 by Johannes Moritz

LogicalDOC is a global software company offering a popular Java-based document management solution as a community or enterprise edition of the same name. In this blog post we will examine a path traversal vulnerability (CVE-2019-9723) which allows malicious guest users to steal arbitrary documents and files from the server.

Java Security Analysis for IntelliJ IDEA

19 Mar 2019 by Julian Karl, Amin Dada

Detecting vulnerabilities as early as possible in the development process is crucial to minimize the costs of security flaws. With the help of our IntelliJ IDEA plugin, RIPS' leading Java code analysis can be fully integrated into your developer editor to detect and resolve security issues in real time. In this blog post, we introduce new plugin features and present a typical use case.

WordPress 5.1 CSRF to Remote Code Execution

13 Mar 2019 by Simon Scannell

Last month we released an authenticated remote code execution (RCE) vulnerability in WordPress 5.0. This blog post reveals another critical exploit chain for WordPress 5.1 that enables an unauthenticated attacker to gain remote code execution on any WordPress installation prior to version 5.1.1.

5 Best Practices for your SAST Evaluation

26 Feb 2019 by Dr. Johannes Dahse

Choosing the right solution for automated security testing is hard. A good way is to run a proof of concept (POC) with different vendors so you can verify marketing claims before adding another piece of software to your stack. Our best practices can help you prepare an efficient and thorough evaluation so you can tell snake oil from cutting-edge technology and make the best choice.
