3 min read 8 Apr 2019 by Hendrik Buchwald
In-depth analysis of our latest vulnerability findings and best practices for secure development.
5 min read 26 Mar 2019 by Johannes Moritz
LogicalDOC is a global software company offering a popular Java-based document management solution as a community or enterprise edition of the same name. In this blog post we will examine a path traversal vulnerability (CVE-2019-9723) which allows malicious guest users to steal arbitrary documents and files from the server.
Detecting vulnerabilities as early as possible in the development process is crucial to minimize the costs of security flaws. With the help of our IntelliJ IDEA plugin, RIPS leading Java code analysis can be fully integrated into your developer editor to detect and resolve security issues in real-time. In this blog post, we introduce new plugin features and present a typical use case.
9 min read 13 Mar 2019 by Simon Scannell
Last month we released an authenticated remote code execution (RCE) vulnerability in WordPress 5.0. This blog post reveals another critical exploit chain for WordPress 5.1 that enables an unauthenticated attacker to gain remote code execution on any WordPress installation prior to version 5.1.1 (CVE-2019-9787).
11 min read 26 Feb 2019 by Johannes Dahse
Choosing the right solution for automated security testing is hard. A good way is to run a proof of concept (POC) of different vendors so you can verify marketing claims before adding another software to your stack. Our best practices can help to prepare an efficient and thorough evaluation so you can unmask snake oil from cutting-edge technology and make the best choice.