Project: RIPS - Static Source Code Analyzer for Vulnerabilities in PHP Scripts
March 20, 2012 @ 10:34:35

Gareth Heyes has pointed out an interesting tool today for analyzing the source of your application and trying to discover security-related issues: RIPS.

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities, RIPS also offers an integrated code audit framework for further manual analysis.

The project site lists out the features that come with the tool, what it searches for (including command execution issues, header injection, file manipulation and SQL injection) and some example screenshots of its interface. You can download the latest version and try it out for yourself.
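
The source-to-sink idea in the description above, as an added example that is not RIPS code and not part of the original post: a toy statement-level taint tracker built on PHP's `token_get_all()`. The function name `findTaintedSinks`, the source, sink and sanitizer lists, and the sample script are assumptions constructed for illustration.

```php
<?php // Added illustration, not RIPS code; the three lists are demo assumptions.
const SOURCES    = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];
const SINKS      = ['system' => 'command execution', 'header' => 'header injection',
                    'unlink' => 'file manipulation', 'mysql_query' => 'SQL injection'];
const SANITIZERS = ['escapeshellarg', 'intval', 'basename', 'mysql_real_escape_string'];
function findTaintedSinks(string $code): array
{
    $tainted = $findings = $stmt = [];
    foreach (token_get_all($code) as $tok) {
        $tok = is_array($tok) ? $tok : [0, $tok, 0];   // normalise one-character tokens
        if (in_array($tok[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT, T_OPEN_TAG], true)) {
            continue;
        }
        if ($tok[0] !== 0 || !in_array($tok[1], [';', '{', '}'], true)) {
            $stmt[] = $tok;                            // still inside the statement
            continue;
        }
        // Statement boundary. In "$var = ..." the left-hand side is not an input.
        $isAssign = ($stmt[0][0] ?? 0) === T_VARIABLE && ($stmt[1][1] ?? '') === '=';
        [$dirty, $clean, $sink] = [false, false, null];
        foreach ($stmt as $i => [$id, $text, $line]) {
            $name = strtolower($text);
            $isCall = $id === T_STRING && ($stmt[$i + 1][1] ?? '') === '(';
            if ($id === T_VARIABLE && !($isAssign && $i === 0)) {
                $dirty = $dirty || in_array($text, SOURCES, true) || !empty($tainted[$text]);
            } elseif ($isCall && in_array($name, SANITIZERS, true)) {
                $clean = true;                         // coarse: clears the whole statement
            } elseif ($isCall && array_key_exists($name, SINKS)) {
                $sink = [$name, $line];
            }
        }
        $dirty = $dirty && !$clean;
        if ($isAssign) {
            $tainted[$stmt[0][1]] = $dirty;            // taint follows the assignment
        }
        if ($sink !== null && $dirty) {
            $findings[] = sprintf('line %d: %s via %s()', $sink[1], SINKS[$sink[0]], $sink[0]);
        }
        $stmt = [];
    }
    return $findings;
}
$sample = <<<'PHP'
<?php
$cmd = "ls -l " . $_GET['dir'];
system($cmd);
system("ls -l " . escapeshellarg($_GET['dir']));
header("Location: " . $_POST['next']);
PHP;
print_r(findTaintedSinks($sample));   // constructed sample above; prints the findings
```

The sketch walks statements in order without modelling branches, functions or includes, and treats any sanitizer call as cleaning the whole statement, so it can both miss flows and over-clear them.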


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework