5 Best Practices for your SAST Evaluation

20 min read 26 Feb 2019 by Johannes Dahse
Choosing the right solution for automated security testing is hard. A good way is to run a proof of concept (POC) of different vendors so you can verify marketing claims before adding another software to your stack. Our best practices can help to prepare an efficient and thorough evaluation so you can unmask snake oil from cutting-edge technology and make the best choice.

What is Phar Deserialization

9 min read 14 Aug 2018 by Johannes Dahse
Last week a new exploitation technique for PHP applications was announced at the BlackHat USA conference. Find out everything you need to know in this blog post.

Comparison of Application Security Testing Approaches

15 min read 31 Jul 2018 by Johannes Dahse
Web applications can be tested manually or automated, as a blackbox or a whitebox, with static or dynamic analysis. In this post we compare the advantages and disadvantages of a variety of approaches and solutions.

WordPress Plugin Vulnerabilities 2017 VS. Static Analysis

19 min read 29 Nov 2017 by Johannes Dahse
WordPress plugins are widely adopted and an attractive target for attackers. In this technical blog post we analyze the most critical vulnerabilities in WordPress plugins of 2017 and share insights about how static code analysis can detect these.

How security flaws in PHP's core can affect your application

13 min read 20 Jul 2017 by Johannes Dahse
Popular security vulnerabilities occur due to bad coding practices or coding mistakes. Often a single missing character or incautiously used language feature opens the gates for an attacker. But even when all best practices for secure programming are carefully adhered to, a PHP application’s source code is only as secure as the PHP interpreter it runs on. Learn how memory corruption bugs in the PHP core itself can affect applications.