Filter by tag: insights

Integrate Security Testing into PhpStorm

7 min read 20 Feb 2018 by Julian Karl
PhpStorm is one of the leading IDEs for developing PHP applications. Although it offers code analysis features in the range of code completion and code quality analysis it is not able to detect pervasive security issues, such as Cross-Site Scripting or SQL Injection. With the help of our PhpStorm plugin you can seamlessly integrate our best-in-class security analysis directly into PhpStorm and detect critical vulnerabilities at the lowest cost point.

PHP Security Advent Calendar 2017

1 min read 30 Nov 2017 by Johannes Dahse
We are happy to announce this year’s PHP security advent calendar where we will release a new calendar gift from December 1st to 24th. This year, we will focus on nifty PHP pitfalls and release a daily code challenge for you to solve. Can you spot the daily security bug?

WordPress Plugin Vulnerabilities 2017 VS. Static Analysis

11 min read 29 Nov 2017 by Johannes Dahse
WordPress plugins are widely adopted and an attractive target for attackers. In this technical blog post we analyze the most critical vulnerabilities in WordPress plugins of 2017 and share insights about how static code analysis can detect these.

Security Analysis with Bamboo Plugin

5 min read 25 Oct 2017 by Martin Bednorz
Bamboo is a widely used software that enables continuous integration, deployment, and delivery of software applications. This blog post introduces our Bamboo integration and how it can be used to continuously analyze your application with RIPS. By automatically detecting and warning about security issues, your production server can be protected from new vulnerabilities.

How To Automate Security Analysis with the RIPS API

14 min read 23 Aug 2017 by Hendrik Buchwald
In this blog post the architecture of the RIPS API is explained and the advantages of a RESTful API are shown. To demonstrate the simplistic nature of our interface, a small CI integration example is given that will reject code commits with security issues and hence protects the production server from new vulnerabilities.