Web Application
Security Research

In-depth analysis of our latest vulnerability findings and best practices for secure development.

Java Security Advent Calendar 2019

1 min read 28 Nov 2019 by Johannes Dahse
The December season starts and it is our tradition at RIPS to announce and release a fun security advent calendar. We added support for the popular Java language to RIPS code analysis and hence this year we will give away a daily Java security challenge. Can you spot the vulnerability?

Integrate Security Testing with GitHub Actions

2 min read 26 Nov 2019 by Malena Ebert
As part of our latest release RIPS 3.3, we published our new integration for GitHub. It can be used as a security gateway to automatically check your application builds for the existence of security vulnerabilities and security-related code quality issues. See how RIPS can automatically protect your production server from new security bugs.

RIPS 3.3: Scaling Security Testing to Large Teams

5 min read 12 Nov 2019 by Martin Bednorz
RIPS 3.3 is now available! It enables to scale our cutting-edge SAST technology to large teams and applications. Run parallel scans with our new data center edition, increase analysis depth with an improved dependency and framework analysis, and enjoy an upgraded user experience with new notifications, user activity statistics, and a RIPS health check.

Backend SQL Injection in BigTree CMS 4.4.6

7 min read 5 Nov 2019 by Robin Peraglie
BigTree is a small content management system which does not depend on many frameworks and advertises itself as user friendly and developer ready. In this blog post, we will take a look at a few vulnerabilities we have detected in the codebase of BigTree.

Official Code Analysis Partner for TYPO3

3 min read 31 Oct 2019 by Roland Bachmann
TYPO3, one of the most widely used enterprise-level CMS with over 9 million downloads and over 15 years of experience in the content management market, announced today its partnership with RIPS, the technology leader for static application security testing of web applications.