Web Application
Security Research

In-depth analysis of our latest vulnerability findings and best practices for secure development.

The Hidden Flaws of Archives in Java

4 min read 29 May 2019 by Johannes Moritz
Archives such as Zip, Tar, Jar or 7z are useful formats to collect and compress multiple files or directories in a container-like structure. However, the extraction of archives can introduce security risks which resulted in multiple critical vulnerabilities in popular applications in the past. In this post we explain the risk behind archive extraction and show how to securely extract archives in Java.

Flyeralarm Secures Web Shop with RIPS

5 min read 14 May 2019 by Johannes Dahse
FLYERALARM, a leading German e-commerce company, expands its strong security layer with RIPS to secure its web shop and customer data. Find out how FLYERALARM saves multiple hours each day with automated security testing - a success story.

How to add a Security Gateway to TeamCity

3 min read 30 Apr 2019 by Malena Ebert
With our latest release RIPS 3.1 we published our new integration plugin for TeamCity. It is implemented as a security gateway to automatically check your code builds for the existence of security vulnerabilities and related code quality issues. See how RIPS can automatically protect your production server from new security bugs.

RIPS 3.1: TeamCity, LDAP and JSP Support

3 min read 8 Apr 2019 by Hendrik Buchwald
We are happy to announce the next release of our static application security testing solution. RIPS 3.1 adds useful features to the user interface, enables more integration options, and significantly improves the code analysis.

LogicalDOC 8.2 Path Traversal Vulnerability

5 min read 26 Mar 2019 by Johannes Moritz
LogicalDOC is a global software company offering a popular Java-based document management solution as a community or enterprise edition of the same name. In this blog post we will examine a path traversal vulnerability (CVE-2019-9723) which allows malicious guest users to steal arbitrary documents and files from the server.