Filter by tag: insights

How to Fine-Tune Static Code Analysis - Part 2

12 min read 17 Dec 2019 by Johannes Dahse
Static code analysis is a powerful tool for automated security testing of applications. The more an analysis is tailored to your programming language and individual code, the more efficient and accurate are the results. In the second part of our fine-tuning guide, we dive deeper into our analysis approach and how to fully customize it with 5 advanced settings.

How to Fine-Tune Static Code Analysis - Part 1

10 min read 10 Dec 2019 by Johannes Dahse
A good SAST solution works out-of-the-box for any code base. But there are configurations that help to squeeze the most out of your code analysis. These configurations depend on the logic and environment of your application, as well as on your personal expectations of the scan results. In this blog post, we look at 5 basic options to fine-tune static analysis to your needs.

Java Security Advent Calendar 2019

1 min read 28 Nov 2019 by Johannes Dahse
The December season starts and it is our tradition at RIPS to announce and release a fun security advent calendar. We added support for the popular Java language to RIPS code analysis and hence this year we will give away a daily Java security challenge. Can you spot the vulnerability?

Integrate Security Testing with GitHub Actions

2 min read 26 Nov 2019 by Malena Ebert
As part of our latest release RIPS 3.3, we published our new integration for GitHub. It can be used as a security gateway to automatically check your application builds for the existence of security vulnerabilities and security-related code quality issues. See how RIPS can automatically protect your production server from new security bugs.

The Hidden Flaws of Archives in Java

4 min read 29 May 2019 by Johannes Moritz
Archives such as Zip, Tar, Jar or 7z are useful formats to collect and compress multiple files or directories in a container-like structure. However, the extraction of archives can introduce security risks which resulted in multiple critical vulnerabilities in popular applications in the past. In this post we explain the risk behind archive extraction and show how to securely extract archives in Java.