4 min read 18 Apr 2017 by Martin Bednorz
8 min read 24 Dec 2016 by Johannes Dahse
In our final advent calendar post, we summarize what we learned during this thrilling advent time. We reveal how the affected vendors reacted to our reportings behind the scenes. Was it right to publish all these sensitive issues? What conclusions can we draw about the security state of PHP applications from our findings?
7 min read 23 Dec 2016 by Hendrik Buchwald
The 23rd gift in our advent calendar presents security issues in e107, a content management system that is in development since 2013. Among others, we identified a critical issue that allows any user to update his permissions and to extract sensitive information from the database by exploiting a PHP Object Injection vulnerability.
9 min read 22 Dec 2016 by Daniel Peeren
Security is an integral part of many regulations that organizations have to fulfill in certain sectors. Specific sets of requirements are defined by several regulatory organizations or standards, for example PCI DSS, HIPAA, or the ISO27k-series. Learn how RIPS SAST can help you to detect violations against these security requirements.
8 min read 21 Dec 2016 by Martin Bednorz
In our 21st advent calendar gift, we cover AbanteCart, a very popular e-commerce solution that just turned 5 years old last month. RIPS found multiple SQL injections, PHP object injections, and the complementary cross-site scriptings so that the more severe vulnerabilities can be exploited. Interestingly, the AbanteCart website was defaced just moments before we send out our analysis report to the development team.