Description
The superior security software for PHP applications. RIPS Technologies specializes in web application security and delivers a highly efficient software solution for the automated code analysis of web applications. Our innovative static code analysis techniques enable a precise detection of even complex security vulnerabilities no other solution can detect. Detailed instructions help developers and consultants to quickly remmidiate detected issues before they are targeted by attackers.
Tell your friends
RECENT FACEBOOK POSTS
facebook.comSoftware development must be kept efficient, easy, and manageable. However, the challenge of writing secure software is often hardly compatible with these goals. Learn how to solve this problem with the continuous integration of RIPS into your SDLC in our 18th advent calendar post: https://blog.ripstech.com/2016/continuous-integration-jenkins-at-your-service/
RIPS - The State of Wordpress Security
We analyzed the complete Wordpress plugin repository with our security solution RIPS. Find out more about the state of Wordpress security in our 14th advent calendar post. https://blog.ripstech.com/2016/the-state-of-wordpress-security/
Find out how attackers were able to steal passwords from the password manager Teampass and how these security risks could be automatically detected and subsequently remediated with our code analysis solution RIPS. https://blog.ripstech.com/2016/teampass-unauthenticated-sql-injection/
The 7th gift in our advent calendar describes the exploitation of a file upload in the popular Serendipity blog software. Although a security mechanism is in place, an attacker can bypass the file extension check and upload malicious files to the web server which leads to code execution. Find out how in our blog post. https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/
RIPS - Roundcube 1.2.2: Command Execution via Email
In todays calendar gift, we describe a highly critical security vulnerability in the widely distributed email platform Roundcube. Ironically, an attacker can execute arbitrary commands on the platform's system by using the most essential feature: writing an email. https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
RIPS - Introducing the RIPS analysis engine
Today we are excited to provide a peek into our code analysis engine that detected the security bugs we release as part of our advent calendar 2016. Based on an example, we reveal what is going on behind the scenes when you press the magic "scan" button. https://blog.ripstech.com/2016/introducing-the-rips-analysis-engine/
In our second advent calendar gift we describe a second-order command execution vulnerability in the Coppermine gallery where an attacker's payload is first stored in the database and then used again in a second step in a system command. Find out how this vulnerability and others were detected with our automated code analysis solution RIPS in 53 seconds. https://blog.ripstech.com/2016/coppermine-second-order-command-execution/
RIPS - FreePBX 13: From Cross-Site Scripting to Remote Command Execution
We opened our first advent calendar gift: A technical description of a critical Remote Command Execution vulnerability in the popular private branch exchange software FreePBX that was detected and fixed with the help of our code analysis solution RIPS. https://blog.ripstech.com/2016/freepbx-from-cross-site-scripting-to-remote-command-execution/
RIPS - Announcing the Advent of PHP Application Vulnerabilities
As the year is slowly coming to an end and the Christmas decorations are starting to brighten up the streets, RIPS Technologies decided to give back to the wonderful community surrounding PHP and information security. Starting on December 1st, we are going to open one gift of our advent calendar each day until the 24th. Our gifts are technical blog posts about specific real-world security vulnerabilities in open-source PHP applications that we detected by using our static code analysis tool RIPS. https://blog.ripstech.com/2016/apav-advent-of-php-application-vulnerabilities/
Timeline Photos
Get a live demo of our code analysis solution RIPS at the most influential security exhibition it-sa 2016 in Nuremberg on 18-19 October 2016! https://www.it-sa.de/ Hall: 12.0-365
Building a more secure communications platform
FreePBX is building a more secure communications platform with our static code analysis solution RIPS. As a result, multiple critical security issues were detected and patched that remained undetected in the code base for years. "RIPS has found many code issues that we may not have found in a manual review of the FreePBX code base and has helped us to strengthen the security of FreePBX." https://www.freepbx.org/building-a-more-secure-communications-platform/
Finetune your custom rules in order to squeeze the maximum out of our security analysis solution RIPS with our advanced analysis settings. You can find a live demo here: https://demo.ripstech.com/settings/
Quiz
