RIPS becomes Joomla! Official Code Analysis Partner

19 Jun 2018 by Fabian Langen

Joomla Partnership

Joomla, one of the world’s most popular Content Management Systems (CMS), announced today its partnership with RIPS, the technology leader for PHP application security testing.

Read More ...

Evil Teacher: Code Injection in Moodle

12 Jun 2018 by Robin Peraglie

Code Injection Exploit in Moodle

Moodle is a widely-used open-source e-Learning software with more than 127 million users allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities. In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release detected by RIPS Code Analysis. It is located in the Quiz component of Moodle and can be successfully exploited through the teacher role in order to perform remote code execution. If you are running Moodle < 3.5.0 we highly recommend to update your instances to the newest version immediately.

Read More ...

RIPS Integration into Jenkins CI with Pipeline Support

30 May 2018 by Malena Ebert

RIPS Jenkins Integration

Jenkins CI is one of the leading open source automation server and provides hundreds of plugins to support building, deploying and automating any project. It supports version control tools like Git, Subversion, Mercurial, Perforce, and can execute Apache Ant, Apache Maven and Gradle based projects as well as arbitrary shell scripts and Windows batch commands. RIPS supports the integration of security analysis into Jenkins since 2016 that helps to prevent that new security vulnerabilities are added to your build. Our new major release now also supports the new Pipeline feature and improves existing features.

Read More ...

A Salesmans Code Execution: PrestaShop 1.7.2.4

7 May 2018 by Robin Peraglie

PrestaShop is an open-source e-commerce solution. With more than 270,000 running instances it is one of the top 10 most used content management systems in the Web1. Additionally to the classical software download, PrestaShop Ready offers to rent an online shop and to get administrative access to pre-hosted PrestaShop instances. From the perspective of attackers these e-commerce systems are very attractive targets because thousands of customers enter sensitive payment information.

Our leading security analysis solution RIPS detected a highly critical PHP object injection vulnerability in PrestaShop that allows to execute arbitrary code on any installation with version <= 1.7.2.4. In this technical blog post we present the vulnerability and the exploitation technique that could have allowed attackers to compromise PrestaShop servers. This posed a serious risk for the PrestaShop Ready cloud. A fix was released and administrators of outdated PrestaShop installations are highly encouraged to update.

Read More ...

PHP Code Quality Testing with RIPS 2.9.0

17 Apr 2018 by Martin Bednorz

New Look and Feel

One year ago we released version 2.0.0 of our superior PHP security analysis solution RIPS. Since then, monthly update releases for our user interface, REST API, and static analysis engine pushed our product, altogether with many new integration plugins and supported industry standards. Today, our user interface enables a highly modern and performant audit experience and our awarded code analysis engine detects unknown bugs in real applications as precise and complete as possible. To further aid developers on their mission to secure PHP code, we are excited to announce the support of the detection of over 30 new types of code quality bugs with RIPS!

Read More ...