Web Application
Security Research

In-depth analysis of our latest vulnerability findings and best practices for secure development.

SugarCRM's Security Diet - Multiple Vulnerabilities

10 min read 14 Sep 2017 by Robin Peraglie
SugarCRM is one of the most popular customer relationship management solutions. RIPS uncovered critical security issues that could allow attackers to steal customer data or sensitive files from the server.

How To Automate Security Analysis with the RIPS API

14 min read 23 Aug 2017 by Hendrik Buchwald
In this blog post the architecture of the RIPS API is explained and the advantages of a RESTful API are shown. To demonstrate the simplistic nature of our interface, a small CI integration example is given that will reject code commits with security issues and hence protects the production server from new vulnerabilities.

Security Analysis with SonarQube Plugin

4 min read 4 Aug 2017 by Martin Bednorz
SonarQube is one of the leading products for continuous code quality inspection. But in today’s world the detection of security issues is even more important. RIPS enables to integrate its awarded security analysis solution directly into SonarQube through a plugin that helps to detect security threats and quality issues in a central place.

How security flaws in PHP's core can affect your application

7 min read 20 Jul 2017 by Johannes Dahse
Popular security vulnerabilities occur due to bad coding practices or coding mistakes. Often a single missing character or incautiously used language feature opens the gates for an attacker. But even when all best practices for secure programming are carefully adhered to, a PHP application’s source code is only as secure as the PHP interpreter it runs on. Learn how memory corruption bugs in the PHP core itself can affect applications.

Why mail() is dangerous in PHP

8 min read 3 May 2017 by Robin Peraglie
Recently, many critical security vulnerabilities were fixed in popular PHP applications such as Roundcube, Wikimedia and Zend Framework that based on insecure usage of the PHP mail() function. In this post, we have a look at the common ground of these vulnerabilities and how to use mail() securely.