Hibernate is one of the most commonly used database libraries in Java web applications, and it ships with its own query language.
This technical post will teach you how to detect and exploit Hibernate's very own vulnerability: HQL injection.
We are very proud to announce a new product release today: RIPS 3.4 adds support for in-depth security analysis of Node.js applications! Our unique rapid code patching technology now generates code fixes specific to your framework. New security summary reports keep you up-to-date via email. Our Java and PHP engines have been significantly improved, as has our Data Center Edition. Find out more!
This blog post details an authenticated Remote Code Execution (RCE) vulnerability in the WordPress core that bypasses hardening mechanisms. The vulnerability is present in the WordPress core in versions prior to 5.2.4.
Static code analysis is a powerful tool for automated security testing of applications.
The more an analysis is tailored to your programming language and your individual code, the more efficient and accurate the results are.
In the second part of our fine-tuning guide, we dive deeper into our analysis approach and show how to fully customize it with 5 advanced settings.
A good SAST solution works out-of-the-box for any code base. But there are configurations that help to squeeze the most out of your code analysis. These configurations depend on the logic and environment of your application, as well as on your personal expectations of the scan results. In this blog post, we look at 5 basic options for fine-tuning static analysis to your needs.