We are pleased to announce integration support for the two major build automation tools Apache Maven and Gradle. Both plugins enable to add our static code analysis solution to your build process and to provide a streamlined way to configure and start a new security scan for your Java applications.

A recent Capture-The-Flag tournament hosted by Insomni’hack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.

Last year in December we released once a day a vulnerability affecting WordPress core or one of the most popular WordPress plugins, next to a critical persistent XSS in wordpress.org. This blogpost will summarize common mistakes developers make and the overall impact our advent calendar had on the WordPress community and the current state of WordPress security.

We are excited to start the year 2019 with a new major release and milestone. RIPS 3.0 adds support for analyzing Java code for security and quality issues. Find out more about our unique code analysis approach and other new RIPS features.

The WordPress.org website holds the repositories for all plugins and themes that are used by all WordPress sites. Furthermore, it manages the accounts that developers use to edit the code of their themes and plugins. In this blog post, we investigate a critical stored XSS vulnerability on the WordPress.org website we have reported to the WordPress security team in May 2018.