Web Application Security Research

In-depth analysis of our latest vulnerability findings and best practices for secure development.

How to add a Security Gateway to TeamCity

3 min read 30 Apr 2019 by Malena Ebert
With our latest release RIPS 3.1 we published our new integration plugin for TeamCity. It is implemented as a security gateway to automatically check your code builds for the existence of security vulnerabilities and related code quality issues. See how RIPS can automatically protect your production server from new security bugs.

RIPS 3.1: TeamCity, LDAP and JSP Support

3 min read 8 Apr 2019 by Hendrik Buchwald
We are happy to announce the next release of our static application security testing solution. RIPS 3.1 adds useful features to the user interface, enables more integration options, and significantly improves the code analysis.

LogicalDOC 8.2 Path Traversal Vulnerability

5 min read 26 Mar 2019 by Johannes Moritz
LogicalDOC is a global software company offering a popular Java-based document management solution, available as a community or enterprise edition under the same name. In this blog post we examine a path traversal vulnerability (CVE-2019-9723) that allows malicious guest users to steal arbitrary documents and files from the server.

Java Security Analysis for IntelliJ IDEA

6 min read 19 Mar 2019 by Julian Karl, Amin Dada
Detecting vulnerabilities as early as possible in the development process is crucial to minimize the cost of security flaws. With the help of our IntelliJ IDEA plugin, RIPS' leading Java code analysis can be fully integrated into your developer editor to detect and resolve security issues in real time. In this blog post, we introduce new plugin features and present a typical use case.

WordPress 5.1 CSRF to Remote Code Execution

9 min read 13 Mar 2019 by Simon Scannell
Last month we disclosed an authenticated remote code execution (RCE) vulnerability in WordPress 5.0. This blog post reveals another critical exploit chain for WordPress 5.1 that enables an unauthenticated attacker to gain remote code execution on any WordPress installation prior to version 5.1.1 (CVE-2019-9787).