Filter by tag: insights

The Hidden Flaws of Archives in Java

7 min read 29 May 2019 by Johannes Moritz
Archives such as Zip, Tar, Jar or 7z are useful formats to collect and compress multiple files or directories in a container-like structure. However, the extraction of archives can introduce security risks which resulted in multiple critical vulnerabilities in popular applications in the past. In this post we explain the risk behind archive extraction and show how to securely extract archives in Java.

How to add a Security Gateway to TeamCity

6 min read 30 Apr 2019 by Malena Ebert
With our latest release RIPS 3.1 we published our new integration plugin for TeamCity. It is implemented as a security gateway to automatically check your code builds for the existence of security vulnerabilities and related code quality issues. See how RIPS can automatically protect your production server from new security bugs.

Java Security Analysis for IntelliJ IDEA

11 min read 19 Mar 2019 by Julian Karl, Amin Dada
Detecting vulnerabilities as early as possible in the development process is crucial to minimize the costs of security flaws. With the help of our IntelliJ IDEA plugin, RIPS leading Java code analysis can be fully integrated into your developer editor to detect and resolve security issues in real-time. In this blog post, we introduce new plugin features and present a typical use case.

5 Best Practices for your SAST Evaluation

20 min read 26 Feb 2019 by Johannes Dahse
Choosing the right solution for automated security testing is hard. A good way is to run a proof of concept (POC) of different vendors so you can verify marketing claims before adding another software to your stack. Our best practices can help to prepare an efficient and thorough evaluation so you can unmask snake oil from cutting-edge technology and make the best choice.

Security Testing Plugin for Maven & Gradle

9 min read 5 Feb 2019 by Julian Karl, Amin Dada
We are pleased to announce integration support for the two major build automation tools Apache Maven and Gradle. Both plugins enable to add our static code analysis solution to your build process and to provide a streamlined way to configure and start a new security scan for your Java applications.