What is PHP Object Injection

9 Oct 2018 by Simon Scannell

PHP Object Injections

A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they can lead to a full site takeover by remote attackers.

Read More

Symfony Configuration Cheat Sheet

27 Sep 2018 by Nils Werner

Symfony Configuration Cheat Sheet

Symfony is one of the most widely used PHP frameworks with many components and options. Our Symfony Configuration Cheat Sheet shows how to ensure a secure baseline for your framework in 10 steps.

Read More

Framework Misconfiguration Analysis with RIPS

21 Aug 2018 by Nils Werner

Framework Misconfiguration

PHP frameworks such as Symfony, Laravel and CodeIgniter come with a variety of functions and components that make it easier for developers to build their application. However, various settings and configurations can have far-reaching consequences for security. Next to our unique and in-depth analysis for exploitable security vulnerabilities, RIPS is now also able to detect security weaknesses that stem from insecure configurations.

Read More

New PHP Exploitation Technique Added

14 Aug 2018 by Dr. Johannes Dahse

PHP Exploitation Technique

Last week a new exploitation technique for PHP applications was announced at the BlackHat USA conference. Find out everything you need to know in this blog post.

Read More

Scan, Verify and Patch in Minutes: TikiWiki 17.1 SQLi

19 Jul 2018 by Karim El Ouerghemmi
Tikiwiki SQLi

TikiWiki is an open source software that offers a wiki-style based content management system. It has more than 1.25 million downloads and a large code base of around 1.7 million lines of code. In this blog post, we demonstrate step by step how we used our leading RIPS Code Analysis solution to detect and verify a SQL injection vulnerability in minutes.

Read More