Web Application Security, RIPS Code Analysis ripstech.com

Joined May 2010
Reiners retweeted
📁 Using polyglot file and RXSS to achieve one-click RCE on a Voyager instance. Read more about how SonarQube Cloud detected CVE-2024-55417 in our latest blog post: sonarsource.com/blog/the-tai… #appsec #security #vulnerability
Reiners retweeted
17 Dec 2024
Exciting news! Sonar has entered a definitive agreement to acquire open source software supply chain security provider @Tidelift. Together, we'll work to enhance the security & resilience of open source. More: bit.ly/4frtd0q #devsecops #SLDC #SSDF #softwaresupplychain
Reiners retweeted
This talk was nothing short of amazing. The content and the delivery were both amazing.
Having trouble exploiting a file write vulnerability? Don't miss our @hexacon_fr talk to learn more about unconventional attack surfaces that can turn a file write into code execution – even in hardened environments! We'll follow up with a related blog post later. #HEXACON2024
Reiners retweeted
3 Oct 2024
❇️ Introducing AI Code Assurance and AI CodeFix for SonarQube and SonarCloud. AI Code Assurance supports the safe and effective use of GenAI coding assistants, while AI CodeFix leverages AI to generate resolutions for bugs with one click! Read here 👇 bit.ly/3TX3026
Reiners retweeted
We won justCTF finals!!! 🥳🎉 Thank you so much @justCatTheFish for the awesome event in Krakow. See you next year 👀🚀
#justCTF24 finals ended! Congrats to the top 3 teams: 🥇@fluxfingers 🥈@ECSC_TeamFrance 🥉@thehackerscrew1 31 teams captured 301 flags 🔥 Thanks to our sponsors: @trailofbits @osec_io @TechlandGames @Orange_Polska @burp_Suite @SECFORCE_LTD @HexRaysSA @intigriti @Artixen1 🙏
Reiners retweeted
A shoutout to @Sonar_Research for this awesome visualizer. @4ng3lhacker and I used it extensively during our @BugBountyDEFCON workshop on Sunday when we discussed UTF-8 decoding issues!
Have you ever had the feeling of not fully understanding how UTF-8 works? Take a look at our UTF-8 visualizer, which allows you to play around with UTF-8 on a bit level: sonarsource.github.io/utf8-v…
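The UTF-8 visualizer linked above is a web tool; as an added example (not the Sonar tool's code, nor code from anyone quoted on this page), the following Python shows the same bit-level view of UTF-8 and, more importantly, the decoding issue behind the workshop mention: a decoder that only follows the lead-byte bit pattern will happily accept overlong sequences such as C0 AF as "/", which is how encoding-aware filters get bypassed. The sample payload is constructed for the demonstration.

```python
"""Bit-level UTF-8 encoder and strict/lenient decoder.

Added example, not the Sonar visualizer's code. Shows how code points are
split into lead and continuation bytes, and why a decoder must reject
overlong forms, surrogates, out-of-range values and truncated sequences.
"""
from typing import Dict, List, Optional


def encode_codepoint(cp: int) -> bytes:
    """Encode one Unicode scalar value as UTF-8 (1 to 4 bytes)."""
    if cp < 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
        raise ValueError(f"not a Unicode scalar value: {cp:#x}")
    if cp < 0x80:                                   # 0xxxxxxx
        return bytes([cp])
    if cp < 0x800:                                  # 110xxxxx 10xxxxxx
        return bytes([0xC0 | (cp >> 6), 0x80 | (cp & 0x3F)])
    if cp < 0x10000:                                # 1110xxxx 10xxxxxx 10xxxxxx
        return bytes([0xE0 | (cp >> 12), 0x80 | ((cp >> 6) & 0x3F),
                      0x80 | (cp & 0x3F)])
    return bytes([0xF0 | (cp >> 18), 0x80 | ((cp >> 12) & 0x3F),   # 11110xxx + 3
                  0x80 | ((cp >> 6) & 0x3F), 0x80 | (cp & 0x3F)])


def bit_layout(data: bytes) -> str:
    """Render each byte in binary, e.g. b'\\xc3\\xa9' -> '11000011 10101001'."""
    return " ".join(f"{b:08b}" for b in data)


def decode(data: bytes, strict: bool = True) -> List[int]:
    """Decode UTF-8 bytes into code points.

    strict=True rejects overlong encodings, UTF-16 surrogates, values above
    U+10FFFF and truncated sequences. strict=False mimics a naive decoder
    that only follows the bit pattern, which is the dangerous behaviour.
    """
    out: List[int] = []
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:                       # ASCII byte
            out.append(b)
            i += 1
            continue
        if b & 0xE0 == 0xC0:               # 110xxxxx: 2-byte sequence
            need, cp, minimum = 1, b & 0x1F, 0x80
        elif b & 0xF0 == 0xE0:             # 1110xxxx: 3-byte sequence
            need, cp, minimum = 2, b & 0x0F, 0x800
        elif b & 0xF8 == 0xF0:             # 11110xxx: 4-byte sequence
            need, cp, minimum = 3, b & 0x07, 0x10000
        else:                              # stray 10xxxxxx or 11111xxx
            raise ValueError(f"invalid lead byte {b:#04x} at offset {i}")
        if i + need >= n:
            raise ValueError(f"truncated sequence at offset {i}")
        for c in data[i + 1:i + 1 + need]:
            if c & 0xC0 != 0x80:           # continuation bytes must be 10xxxxxx
                raise ValueError(f"bad continuation byte {c:#04x} after offset {i}")
            cp = (cp << 6) | (c & 0x3F)    # append 6 payload bits
        if strict:
            if cp < minimum:
                raise ValueError(f"overlong encoding of U+{cp:04X} at offset {i}")
            if 0xD800 <= cp <= 0xDFFF:
                raise ValueError(f"UTF-16 surrogate U+{cp:04X} at offset {i}")
            if cp > 0x10FFFF:
                raise ValueError(f"code point above U+10FFFF at offset {i}")
        out.append(cp)
        i += 1 + need
    return out


def decode_error(data: bytes, strict: bool = True) -> Optional[str]:
    """Return the strict decoder's error message, or None if data is valid."""
    try:
        decode(data, strict)
        return None
    except ValueError as exc:
        return str(exc)


def overlong_slash_demo() -> Dict[str, Optional[str]]:
    """Constructed payload: '/' written as the overlong pair C0 AF.

    A lenient decoder turns it into '../../etc/passwd' after a '/' filter has
    already run on the raw bytes; a strict decoder (and Python's) rejects it.
    """
    payload = b"..\xc0\xaf..\xc0\xafetc\xc0\xafpasswd"   # constructed sample
    lenient = "".join(chr(c) for c in decode(payload, strict=False))
    try:
        python_view: Optional[str] = payload.decode("utf-8")
    except UnicodeDecodeError as exc:
        python_view = f"rejected: {exc.reason}"
    return {"lenient": lenient,
            "strict_error": decode_error(payload),
            "python": python_view}


if __name__ == "__main__":
    print(bit_layout("é€😀".encode("utf-8")))
    print(overlong_slash_demo())
```

The takeaway for a filter author: validate encoding before matching on characters, or the comparison runs on one view of the bytes and the consumer on another. Python's own codec behaves like the strict path here, which the demo confirms.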
Reiners retweeted
Join us at OWASP SF for our talk, "Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail" to discover why client-side sanitization is crucial for a secure web. Can't make it? Stay tuned for our upcoming blog post. #OWASP #GlobalAppSecSanFran
Reiners retweeted
Critical Roundcube XSS technical details: Desanitization, unsafe Content-Types, CSS exfiltration, and a Service Worker come together to persistently leak emails from a victim's browser. Read about it here: sonarsource.com/blog/governm… (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)
Reiners retweeted
7 Aug 2024
Join Paul Gerste of @Sonar_Research for a @defcon talk that explores smuggling attacks against database wire protocols! He will delve into the ongoing concern of SQL injections by demonstrating how attackers can inject entire (No)SQL statements into database connections.
Reiners retweeted
Critical XSS in Roundcube webmail ⚠ A victim only has to view a malicious email. As reported by @ESETresearch, APTs have exploited similar vulns in the past to steal government emails. Our announcement: sonarsource.com/blog/governm… (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)
Reiners retweeted
25 Jul 2024
In this blog, @Sonar_Research investigates some potential code issues behind the recent CrowdStrike outage, highlighting that while security is highly prioritized, reliability and maintainability issues are frequently overlooked. Full story 👉 bit.ly/3WDnbUk
Reiners retweeted
🔥 XSS on any website with missing charset information? 😳 Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post: sonarsource.com/blog/encodin… #appsec #security #vulnerability
Reiners retweeted
🗑️ From File Delete to RCE 🔥 In part 2 of our Gogs series, we revisit how attackers can use weak primitives for a big impact! These vulnerabilities are still unpatched; don't miss the details: sonarsource.com/blog/securin… #appsec #security #vulnerability #golang
Reiners retweeted
SQLi via... binary protocol smuggling?! This upcoming #defcon32 talk from @pspaul95 & @Sonar_Research sounds awesome! defcon.org/html/defcon-32/dc…
Reiners retweeted
🐮Re-moo-te Code Execution in mailcow! Dive into our analysis of two vulnerabilities we found in the mail suite mailcow. Learn how attackers can go from XSS to RCE, and why it's important to sanitize your error messages: sonarsource.com/blog/remote-… #appsec #security #vulnerability
Since I'm 6 drinks in for 20 bucks, let me tell you all about the story of how the first Microsoft Office 2007 vulnerability was discovered, or how it wasn't. This was a story I was gonna save for a book but fuck it, I ain't gonna write it anyways.
Reiners retweeted
14 May 2024
As models are advanced, we must continue to not stoke fear: AI that is not sentient cannot replace human creativity. It can only help deliver it. We are in the age of Copilots, not commanders. And we will be for some time.