How to implement RIPS code analyser in your php script

RIPS is a static code analysis tool to automatically scan vulnerabilities for your PHP applications. Johannes Dahse the developer of RIPS is released the initial version in May 2010 as open source software. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.

Static code analysis attempt to highlight possible vulnerabilities from your static PHP source code by using techniques such as traint analysis and data flow analysis. Ideally, such tools would automatically find security loop flaws-with high degree of confidence, this is beyond the art for many types of application security flaws.

Bellow critical security vulnerabilities were detected by RIPS

The critical security vulnerabilities which were detected by RIPS during static code analysis are Remote Code Execution, SQL Injection, Cross-Site Scripting, Remote Code Execution, Local File Inclusion, PHP Object Injection and etc..

RIPS Requirements

• Web server: Apache or Nginx recommended
• PHP: latest version recommended
• browser: Firefox recommended

RIPS Supports Vulnerability Types

The detection of the following vulnerability types is supported:

• Code Execution
• Command Execution
• Connection String Injection
• Cross-Site Scripting
• HTTP Response Splitting
• File Disclosure
• File Inclusion
• File Manipulation
• LDAP Injection
• PHP Object Injection
• SQL Injection
• XPath Injection

Download + Install Setup

• Download the latest release Of RIPS from Github.
• Extract the files to your local server root directory and make sure your web server has file permissions.
• Open your browser at http://localhost/rips/ and follow the instructions on the main page.

See screenshot below

Recommended Posts:

• PHP Program to print mirror image of Swastika Pattern
• 5 Tools for Analyzing and Parsing Your PHP Code
• PHP tutorial for beginners with examples
• Simple PHP Programs
• PHP Basic – Exercises, Practice, Solution with Output
• How to Keep Values Selected After Form Submission
• How to Download and Save a Remote Image Using PHP
• How to find latitude and longitude from zipcode with example
• How to Generate a PDF and Send as Attachment in Email
• How to Find Address With Latitude and Longitude

Prem Tiwari

An engineer by profession and a passionate blogger by heart. Founder of FreeWebMentor.com (A Programming blog for beginners), Tech Speaker at various forums. A part from this he is an open source enthusiast, WordPress Lover, Blogger, SEO, and Growth Strategic.

Article Tags: PHP, rips code analyser, rips static code analyser, Security