Posts by author: Dr. Johannes Dahse

Ensure Application Security with Zend Server and RIPS

8 min read 27 Mar 2018 by Johannes Dahse
Rogue Wave Software and RIPS Technologies jointly developed a new Zend Server plugin that helps to counter attacks before they can succeed. With the RIPS Code Analysis plugin, Zend Server users can now scan the source code of deployed PHP applications for security problems using RIPS' leading security analysis solution.

PHP Security Advent Calendar 2017

3 min read 30 Nov 2017 by Johannes Dahse
We are happy to announce this year’s PHP security advent calendar, in which we will release a new calendar gift each day from December 1st to 24th. This year, we will focus on nifty PHP pitfalls and release a daily code challenge for you to solve. Can you spot the daily security bug?

WordPress Plugin Vulnerabilities 2017 VS. Static Analysis

19 min read 29 Nov 2017 by Johannes Dahse
WordPress plugins are widely adopted and an attractive target for attackers. In this technical blog post, we analyze the most critical vulnerabilities in WordPress plugins of 2017 and share insights about how static code analysis can detect them.

How security flaws in PHP's core can affect your application

13 min read 20 Jul 2017 by Johannes Dahse
Popular security vulnerabilities occur due to bad coding practices or coding mistakes. Often a single missing character or incautiously used language feature opens the gates for an attacker. But even when all best practices for secure programming are carefully adhered to, a PHP application’s source code is only as secure as the PHP interpreter it runs on. Learn how memory corruption bugs in the PHP core itself can affect applications.

What we learned from our Advent Calendar

15 min read 24 Dec 2016 by Johannes Dahse
In our final advent calendar post, we summarize what we learned during this thrilling advent time. We reveal how the affected vendors reacted to our reports behind the scenes. Was it right to publish all these sensitive issues? What conclusions can we draw about the security state of PHP applications from our findings?