Posts by author: Hendrik Buchwald

RIPS 3.1: TeamCity, LDAP and JSP Support

3 min read 8 Apr 2019 by Hendrik Buchwald
We are happy to announce the next release of our static application security testing solution. RIPS 3.1 adds useful features to the user interface, enables more integration options, and significantly improves the code analysis.

Integrate Security Checks with RIPS CLI

6 min read 15 Mar 2018 by Hendrik Buchwald
Today, fully automated application security testing is an important part of every secure development life cycle. In this blog post we will demonstrate how to use the RIPS CLI tool to automatically scan a project for security vulnerabilities. This enables you to integrate RIPS into basically any system as a security gate that automatically warns you when new security bugs are introduced.

How To Automate Security Analysis with the RIPS API

14 min read 23 Aug 2017 by Hendrik Buchwald
In this blog post the architecture of the RIPS API is explained and the advantages of a RESTful API are shown. To demonstrate the simplicity of our interface, a small CI integration example is given that will reject code commits with security issues and hence protect the production server from new vulnerabilities.

e107 2.1.2: SQL Injection through Object Injection

7 min read 23 Dec 2016 by Hendrik Buchwald
The 23rd gift in our advent calendar presents security issues in e107, a content management system that has been in development since 2013. Among others, we identified a critical issue that allows any user to update his permissions and to extract sensitive information from the database by exploiting a PHP Object Injection vulnerability.

The State of Wordpress Security

16 min read 14 Dec 2016 by Hendrik Buchwald
Plugins from the community are an integral part of most Wordpress sites. We downloaded all 47,959 plugins that are available from the official Wordpress repository and analyzed them with our static code analyzer RIPS. Shockingly, about every second larger plugin contains at least one medium severity issue. But is it really that bad?