This blog post details an authenticated Remote Code Execution (RCE) vulnerability in the WordPress core that bypasses hardening mechanisms. The vulnerability is present in the WordPress core in versions prior to 5.2.4.

Static code analysis is a powerful tool for automated security testing of applications. The more an analysis is tailored to your programming language and individual code, the more efficient and accurate are the results. In the second part of our fine-tuning guide, we dive deeper into our analysis approach and how to fully customize it with 5 advanced settings.

A good SAST solution works out-of-the-box for any code base. But there are configurations that help to squeeze the most out of your code analysis. These configurations depend on the logic and environment of your application, as well as on your personal expectations of the scan results. In this blog post, we look at 5 basic options to fine-tune static analysis to your needs.

The December season starts and it is our tradition at RIPS to announce and release a fun security advent calendar. We added support for the popular Java language to RIPS code analysis and hence this year we will give away a daily Java security challenge. Can you spot the vulnerability?

As part of our latest release RIPS 3.3, we published our new integration for GitHub. It can be used as a security gateway to automatically check your application builds for the existence of security vulnerabilities and security-related code quality issues. See how RIPS can automatically protect your production server from new security bugs.