Data Center Edition

Automated security testing with RIPS is typically performed when a new code feature is merged into the development branch. But when security scanning is shifted left to the developers, who scan every single code commit, the total number of scans increases significantly. As a result, the hardware resources of a single server can become a bottleneck. To support high scan volumes in large organizations, RIPS 3.3 now supports processing concurrent scans on multiple servers in parallel. This makes more hardware resources available and drastically boosts your scan pipeline.

The distribution of multiple scans across different engine servers is handled by RIPS automatically. New scans are collected in a queue and are then delegated to different analysis engines according to the available resources (find out more). As before, scans can be triggered via our UI, REST API, CLI tool, or our integration plugins. On top of that, we managed to reduce the memory consumption of a single scan by up to 300% and to reduce the overall scan time.

Cluster Server

Java Dependency Analysis

For the most accurate static analysis of a Java application, the data flow of user input is analyzed throughout all available functions and classes in the code base. However, this data flow can go through external dependency code and the list of available Java dependencies is endless. A single missed dependency can interrupt the data flow analysis and hence lead to a failed detection of a critical vulnerability (false negative).

Example: Data flows through dependency code base64.decode()

import org.apache.commons.codec.binary.Base64;

public class Base64Decoder {
    public void process(WebRequest request) {
        // user input
        String encoded = request.getParameter("encoded");
        // dependency code
        Base64 base64 = new Base64();
        String decoded = new String(base64.decode(encoded.getBytes()));
        // XSS vulnerability
        System.out.println("decoded: <b>" + decoded + "</b>");
    }
}

To overcome this challenge, the RIPS Java engine ships with a large database of preloaded data flow analysis results for the most common dependencies. But what if your project uses less popular dependencies? RIPS 3.3 now warns you when it detects missing dependencies. You can then update our dependency database and rescan your code with a click. RIPS will automatically download, analyze and cache the missing dependencies to enable full code coverage. If you are running an offline installation, you can also add your dependencies to your code repository; they are then included in our database (find out more).
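The following toy taint tracker is an added illustration and is not RIPS code or RIPS's real dependency database; it shows why a missing dependency model turns the Base64Decoder.process() flow above into a false negative. The statement encoding, the summary table (which argument positions of a callee flow into its return value, with the receiver as argument 0) and the StringEscapeUtils.escapeHtml4 sanitizer entry are all assumptions made for this example.

```python
"""Toy taint analysis: data flow through dependency code needs a model of that code.

Constructed example. Statement forms:
  ("source", target)                     target receives user input
  ("call", target, callee, [args])       target = callee(args); receiver is args[0]
  ("concat", target, [parts])            target = string concatenation of parts
  ("sink", sink_name, var)               var reaches a security-relevant sink
"""
from dataclasses import dataclass

# Hypothetical dependency summaries (not RIPS's database): for each callee, the
# argument positions whose taint propagates into the return value. An empty set
# models a sanitizer whose output is considered safe for the HTML sink.
FULL_SUMMARIES = {
    "java.lang.String.getBytes": {0},
    "org.apache.commons.codec.binary.Base64.decode": {1},
    "java.lang.String.<init>": {0},
    "org.apache.commons.text.StringEscapeUtils.escapeHtml4": set(),
}

# Constructed program mirroring the Java snippet above (the Base64 constructor
# is omitted; "base64" is just an untainted receiver variable).
BASE64_PROGRAM = [
    ("source", "encoded"),                               # request.getParameter("encoded")
    ("call", "raw", "java.lang.String.getBytes", ["encoded"]),
    ("call", "decodedBytes", "org.apache.commons.codec.binary.Base64.decode", ["base64", "raw"]),
    ("call", "decoded", "java.lang.String.<init>", ["decodedBytes"]),
    ("concat", "html", ["decoded"]),                     # "decoded: <b>" + decoded + "</b>"
    ("sink", "System.out.println", "html"),
]

# Hardened variant: the decoded value is HTML-escaped before it is concatenated.
HARDENED_PROGRAM = BASE64_PROGRAM[:4] + [
    ("call", "safe", "org.apache.commons.text.StringEscapeUtils.escapeHtml4", ["decoded"]),
    ("concat", "html", ["safe"]),
    ("sink", "System.out.println", "html"),
]


@dataclass
class Result:
    findings: list   # (sink_name, variable) pairs where tainted data reaches a sink
    missing: list    # callees for which no dependency summary was available


def analyze(program, summaries):
    """Forward taint propagation over a straight-line program."""
    tainted = set()
    findings, missing = [], []
    for stmt in program:
        kind = stmt[0]
        if kind == "source":
            tainted.add(stmt[1])
        elif kind == "call":
            _, target, callee, args = stmt
            if callee not in summaries:
                # Unknown dependency: the engine cannot see inside the callee,
                # so the data flow is interrupted here and the result is treated
                # as clean. This is the false-negative case the text describes.
                missing.append(callee)
                tainted.discard(target)
                continue
            flows = any(args[i] in tainted for i in summaries[callee] if i < len(args))
            (tainted.add if flows else tainted.discard)(target)
        elif kind == "concat":
            _, target, parts = stmt
            flows = any(p in tainted for p in parts)
            (tainted.add if flows else tainted.discard)(target)
        elif kind == "sink":
            _, sink_name, var = stmt
            if var in tainted:
                findings.append((sink_name, var))
    return Result(findings, missing)


def scan_with_full_database():
    """Every dependency on the path is modeled: the XSS flow is reported."""
    return analyze(BASE64_PROGRAM, FULL_SUMMARIES)


def scan_with_missing_dependency():
    """Base64.decode has no summary: the flow is cut and nothing is reported."""
    partial = {k: v for k, v in FULL_SUMMARIES.items()
               if not k.startswith("org.apache.commons.codec")}
    return analyze(BASE64_PROGRAM, partial)


def scan_hardened():
    """Full database, escaped output: no finding and no missing dependency."""
    return analyze(HARDENED_PROGRAM, FULL_SUMMARIES)


if __name__ == "__main__":
    print("full database:      ", scan_with_full_database())
    print("missing dependency: ", scan_with_missing_dependency())
    print("hardened code:      ", scan_hardened())
```

The point of the second scan is that the missing callee is recorded rather than silently swallowed: a scanner that reports which dependencies it could not model (as RIPS 3.3 does) lets you distinguish "no finding because the code is safe" from "no finding because the analysis stopped early".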

Notification System and Health Check

With more and more applications in your organization, it is easy to lose track of what is going on in your RIPS account. Our new notification system enables you to stay up to date on what is happening. The notifications can inform you as soon as a security scan is started or completed, when new issues are found, or when a server problem is detected. We implemented a health check that ensures that your RIPS server is running fine and, for example, does not run out of disk space or memory. Notifications can be configured for each application and user separately and can also be sent out via email. You can now also define custom callbacks via our web interface that trigger external URLs for specific events (find out more). This can be used, for example, to push a notification into your custom tool once a new scan finishes.

Health Check

Advanced User Management

RIPS users start new scans and add review labels or comments to the detected security issues. With RIPS 3.3 you can now see statistics that visualize these user tasks over time, so you can review activity trends. For this purpose, we have also added a new user role, operator, which can see all scans and statistics but has fewer privileges than a chief user and cannot modify any system settings. For a more secure operation of your RIPS account or installation, we also added Multi-Factor Authentication (find out more).

User Activity

Improved Framework Support

To strengthen the vulnerability detection in framework-based code we further improved our dedicated support for popular PHP and Java frameworks. This enables RIPS to perform the most precise data flow analysis for modern and complex code bases.

PHP Frameworks

  • Added Lumen support
  • Improved Drupal support
  • Improved Magento support
  • Improved Symfony 1 support
  • Improved Laravel support
  • Improved CakePHP support
  • Improved Oxid eShop support

See full list of supported PHP frameworks

Java Frameworks

  • Added Vert.X support
  • Added GWT support
  • Added Dropwizard support
  • Added Struts 1 support
  • Added MyBatis support

See full list of supported Java frameworks

And More

As always, there are many more improvements. For example, we improved our automated patch generation, LDAP integration, parent scan comparison and data filter system. The analysis precision was refined with the help of additional issue types, sources and sinks. You can check out the full list of changes in our release notes.

Update to the latest version today, or request a free trial to try out our new features!