6 min read 8 Apr 2019 by Hendrik Buchwald
11 min read 15 Mar 2018 by Hendrik Buchwald
Today, fully automated application security testing is an important part within every secure development life cycle. In this blog post we will demonstrate how to use the RIPS CLI tool to automatically scan a project for security vulnerabilities. This enables you to integrate RIPS into basically any system as a security gate that automatically warns you when new security bugs were introduced.
24 min read 23 Aug 2017 by Hendrik Buchwald
In this blog post the architecture of the RIPS API is explained and the advantages of a RESTful API are shown. To demonstrate the simplistic nature of our interface, a small CI integration example is given that will reject code commits with security issues and hence protects the production server from new vulnerabilities.
13 min read 23 Dec 2016 by Hendrik Buchwald
The 23rd gift in our advent calendar presents security issues in e107, a content management system that is in development since 2013. Among others, we identified a critical issue that allows any user to update his permissions and to extract sensitive information from the database by exploiting a PHP Object Injection vulnerability.
28 min read 14 Dec 2016 by Hendrik Buchwald
Plugins from the community are an integral part of most Wordpress sites. We downloaded all 47,959 plugins that are available from the official Wordpress repository and analyzed them with our static code analyzer RIPS. Shockingly, about every second larger plugin contains at least one medium severity issue. But is it really that bad?