1 min read 28 Nov 2019 by Johannes Dahse
5 min read 12 Nov 2019 by Martin Bednorz
RIPS 3.3 is now available! It lets large teams scale our cutting-edge SAST technology to large applications. Run parallel scans with the new data center edition, increase analysis depth with improved dependency and framework analysis, and enjoy an upgraded user experience with new notifications, user activity statistics, and a RIPS health check.
6 min read 3 Sep 2019 by Johannes Moritz
Bitbucket is one of the world's leading version control platforms, allowing millions of developers to manage Git repositories and collaborate on source code. Bitbucket is developed by the Australian software company Atlassian, which is also known for Confluence and Jira. In this blog post we will analyse how a common but often overlooked security issue found by RIPS Code Analysis leads to a critical vulnerability in Bitbucket (CVE-2019-3397). The issue is caused by the insecure extraction of a compressed TAR archive: member names are taken from the untrusted archive and used to build the destination path without checking that the result stays inside the intended directory.
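The following is an added example (not code from the Bitbucket post, from Atlassian or from RIPS) that demonstrates the bug class behind the teaser in Python rather than Bitbucket's Java: a constructed, gzip-compressed tar archive carrying a `../../evil.txt` member and a symlink that points outside the extraction root, beside an extraction routine that validates every member against the resolved destination before writing anything. All archive contents, member names and the `build_tar`, `unsafe_members`, `safe_extract` and `demo` helpers are assumptions made for this illustration.

```python
import io
import os
import tarfile
import tempfile


def build_tar(files, symlinks=()):
    """Build a gzip-compressed tar in memory (constructed test data, not a
    real archive from any report). `files` maps member name -> bytes,
    `symlinks` is a sequence of (member name, link target). Names are
    deliberately NOT sanitised, so a traversal name such as
    '../../evil.txt' is written into the archive exactly as given."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, target in symlinks:
            info = tarfile.TarInfo(name=name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue()


def unsafe_members(tar_bytes, dest):
    """Return the names of members whose extraction would land outside
    `dest`. The check an extractor needs: resolve the full target path and
    insist it stays under the resolved destination. Link targets are
    checked too, because a symlink pointing outside followed by a later
    member written through it is the classic two-step escape."""
    root = os.path.realpath(dest)
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            candidates = [member.name]
            if member.issym():
                # symlink targets are relative to the member's own directory
                candidates.append(os.path.join(os.path.dirname(member.name), member.linkname))
            elif member.islnk():
                # hardlink targets are relative to the archive root
                candidates.append(member.linkname)
            for path in candidates:
                if os.path.isabs(path):
                    flagged.append(member.name)
                    break
                full = os.path.realpath(os.path.join(root, path))
                if os.path.commonpath([root, full]) != root:
                    flagged.append(member.name)
                    break
    return flagged


def safe_extract(tar_bytes, dest):
    """Validate the whole archive first and refuse it entirely if any member
    escapes; skipping only the bad member would still let a later member
    write through a symlink that was already extracted."""
    bad = unsafe_members(tar_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract, traversal in members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            if hasattr(tarfile, "data_filter"):
                # Python 3.12+ also offers a built-in extraction filter
                tar.extract(member, path=dest, filter="data")
            else:
                tar.extract(member, path=dest)


def demo():
    """Run a malicious and a benign archive against a scratch directory and
    return what happened, so the outcome can be checked programmatically."""
    malicious = build_tar({"README.md": b"hello", "../../evil.txt": b"pwned"},
                          symlinks=[("link", "../../")])
    benign = build_tar({"docs/README.md": b"hello"})
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "extract")
        os.mkdir(dest)
        result = {
            "malicious_flagged": unsafe_members(malicious, dest),
            "benign_flagged": unsafe_members(benign, dest),
        }
        try:
            safe_extract(malicious, dest)
            result["malicious_extracted"] = True
        except ValueError:
            result["malicious_extracted"] = False
        safe_extract(benign, dest)
        with open(os.path.join(dest, "docs", "README.md"), "rb") as fh:
            result["benign_content"] = fh.read()
        result["escaped_file_exists"] = os.path.exists(os.path.join(scratch, "evil.txt"))
    return result


if __name__ == "__main__":
    print(demo())
```

Note that the check resolves paths with `realpath` against the already-resolved root rather than string-matching a prefix, so `dest/../../evil.txt` and a destination that is itself a symlink are both handled correctly; a plain `startswith(dest)` test would accept `/srv/extract-evil/` as inside `/srv/extract`.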
6 min read 25 Jun 2019 by Johannes Moritz
In this blog post we will show how to exploit a SQL injection vulnerability (CVE-2019-12872) found by RIPS Code Analysis in the popular Java-based content management system dotCMS, and how we escalated it to remote code execution.