Filter by tag: java

The Hidden Flaws of Archives in Java

7 min read 29 May 2019 by Johannes Moritz
Archives such as Zip, Tar, Jar or 7z are useful formats to collect and compress multiple files or directories in a container-like structure. However, the extraction of archives can introduce security risks which resulted in multiple critical vulnerabilities in popular applications in the past. In this post we explain the risk behind archive extraction and show how to securely extract archives in Java.

RIPS 3.1: TeamCity, LDAP and JSP Support

6 min read 8 Apr 2019 by Hendrik Buchwald
We are happy to announce the next release of our static application security testing solution. RIPS 3.1 adds useful features to the user interface, enables more integration options, and significantly improves the code analysis.

LogicalDOC 8.2 Path Traversal Vulnerability

10 min read 26 Mar 2019 by Johannes Moritz
LogicalDOC is a global software company offering a popular Java-based document management solution as a community or enterprise edition of the same name. In this blog post we will examine a path traversal vulnerability (CVE-2019-9723) which allows malicious guest users to steal arbitrary documents and files from the server.

Java Security Analysis for IntelliJ IDEA

11 min read 19 Mar 2019 by Julian Karl, Amin Dada
Detecting vulnerabilities as early as possible in the development process is crucial to minimize the costs of security flaws. With the help of our IntelliJ IDEA plugin, RIPS leading Java code analysis can be fully integrated into your developer editor to detect and resolve security issues in real-time. In this blog post, we introduce new plugin features and present a typical use case.

Security Testing Plugin for Maven & Gradle

9 min read 5 Feb 2019 by Julian Karl, Amin Dada
We are pleased to announce integration support for the two major build automation tools Apache Maven and Gradle. Both plugins enable to add our static code analysis solution to your build process and to provide a streamlined way to configure and start a new security scan for your Java applications.