Today we celebrate a key milestone in our company’s history: RIPS Technologies has been acquired by SonarSource, the company behind the popular developer products SonarQube, SonarCloud and SonarLint. We are joining forces with our full team to combine the best breed of both static analysis companies and to begin a new era of SAST solutions.

ImpressCMS is a free, community-driven content management system written in PHP, which considers itself to be secure, fast, and modular. This post shows us that inconspicuous variables may be under the influence of the user and thus can result in critical security vulnerabilities.

The OWASP Benchmark suite aims at measuring the quality of vulnerability detection tools by exposing both actual and false vulnerabilities within hundreds of test cases. Our SAST solution RIPS is able to achieve 100% true positives at 0% false positives for this suite—something no other SAST solution has achieved so far. In this blog post, we publish our results and discuss the pros and cons of popular benchmark suites.

Hibernate is among one of the most commonly found database libraries used in Java web applications, shipping with its own query language. This technical post will teach you how to detect and exploit Hibernates very own vulnerability: The HQL Injection.

We are very proud to announce a new product release today: RIPS 3.4 adds support for in-depth security analysis of Node.js applications! Our unique rapid code patching technology now generates code fixes specific to your framework. New security summary reports keep you up-to-date via email. Our Java and PHP engine have been significantly improved, as well as our Data Center Edition. Find out more!