How To Automate Security Analysis with the RIPS API

14 min read 23 Aug 2017 by Hendrik Buchwald
In this blog post the architecture of the RIPS API is explained and the advantages of a RESTful API are shown. To demonstrate the simplistic nature of our interface, a small CI integration example is given that will reject code commits with security issues and hence protects the production server from new vulnerabilities.

Security Analysis with SonarQube Plugin

4 min read 4 Aug 2017 by Martin Bednorz
SonarQube is one of the leading products for continuous code quality inspection. But in today’s world the detection of security issues is even more important. RIPS enables to integrate its awarded security analysis solution directly into SonarQube through a plugin that helps to detect security threats and quality issues in a central place.

How security flaws in PHP's core can affect your application

7 min read 20 Jul 2017 by Johannes Dahse
Popular security vulnerabilities occur due to bad coding practices or coding mistakes. Often a single missing character or incautiously used language feature opens the gates for an attacker. But even when all best practices for secure programming are carefully adhered to, a PHP application’s source code is only as secure as the PHP interpreter it runs on. Learn how memory corruption bugs in the PHP core itself can affect applications.

Why mail() is dangerous in PHP

8 min read 3 May 2017 by Robin Peraglie
Recently, many critical security vulnerabilities were fixed in popular PHP applications such as Roundcube, Wikimedia and Zend Framework that based on insecure usage of the PHP mail() function. In this post, we have a look at the common ground of these vulnerabilities and how to use mail() securely.

Security Compliance with Static Code Analysis

9 min read 22 Dec 2016 by Daniel Peeren
Security is an integral part of many regulations that organizations have to fulfill in certain sectors. Specific sets of requirements are defined by several regulatory organizations or standards, for example PCI DSS, HIPAA, or the ISO27k-series. Learn how RIPS SAST can help you to detect violations against these security requirements.