Continuous Integration - Jenkins at your service

6 min read 18 Dec 2016 by Daniel Peeren
An integral aspect of continuous integration is the automated testing of source code to reduce the likelihood of risks, bugs, and errors. In this post, we introduce our plugin for Jenkins, one of the most popular automation platforms in the world, that can automatically warn you whenever a new security issue is introduced to your code base.

The State of Wordpress Security

16 min read 14 Dec 2016 by Hendrik Buchwald
Plugins from the community are an integral part of most Wordpress sites. We downloaded all 47,959 plugins that are available from the official Wordpress repository and analyzed them with our static code analyzer RIPS. Shockingly, about every second larger plugin contains at least one medium severity issue. But is it really that bad?

Non-Exploitable Security Issues

7 min read 10 Dec 2016 by Hendrik Buchwald
In our previous calendar posts, we covered specific security issues in popular open-source applications that were detected by our code analysis solution RIPS. Most of the released issues lead to remote command execution, the most critical security vulnerability in PHP applications. But are all findings always exploitable? For more diversity of our calendar, we would like to introduce a few interesting examples today that turned out to be not exploitable and how RIPS handles these scenarios.

Introducing the RIPS analysis engine

10 min read 4 Dec 2016 by Johannes Dahse
In today’s post, we would like to share some insights into our static code analysis engine RIPS that detected the security bugs described in the previous and upcoming calendar gifts. The engine has a long history and went through several generations before reaching its current performance. What does it actually do within the few seconds after you click on the scan button and the first vulnerability report pops up?