RIPS is a static code analysis tool that automatically scans your PHP applications for vulnerabilities. Johannes Dahse, the developer of RIPS, released the initial version in May 2010 as open source software. Besides structured output of the vulnerabilities it finds, RIPS also offers an integrated code audit framework for further manual analysis.
Static code analysis attempts to highlight possible vulnerabilities in your PHP source code using techniques such as taint analysis and data flow analysis. Ideally, such tools would automatically find security flaws with a high degree of confidence, but this is beyond the state of the art for many types of application security flaws.
The critical security vulnerabilities that RIPS detects during static code analysis include Remote Code Execution, SQL Injection, Cross-Site Scripting, Local File Inclusion, PHP Object Injection and others.
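To make the taint analysis idea concrete, here is a small added example (not RIPS's own code) that tracks user input from source to sink in straight-line PHP. The source, sink and sanitizer tables, the function names and the sample PHP are assumptions constructed for this illustration.

```python
import re

# Assumed, simplified rule tables for this demo; a real scanner has far more.
ALL = {"SQL Injection", "Cross-Site Scripting", "Local File Inclusion",
       "Remote Code Execution", "PHP Object Injection"}
SOURCE = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST)\b")
SINKS = {"mysql_query": "SQL Injection", "echo": "Cross-Site Scripting",
         "include": "Local File Inclusion", "eval": "Remote Code Execution",
         "unserialize": "PHP Object Injection"}
# Each sanitizer clears only the vulnerability classes it neutralizes.
SANITIZERS = {"intval": ALL, "htmlspecialchars": {"Cross-Site Scripting"},
              "mysql_real_escape_string": {"SQL Injection"}}
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.*)$")
VAR = re.compile(r"\$\w+")

def expr_taint(expr, env):
    """Return the vulnerability classes for which expr is still dangerous."""
    taint = set(ALL) if SOURCE.search(expr) else set()
    for var in VAR.findall(expr):          # data flow: inherit variable taint
        taint |= env.get(var, set())
    for name, cleared in SANITIZERS.items():
        # Simplification: a sanitizer anywhere in the expression clears all of it.
        if re.search(r"\b%s\s*\(" % name, expr):
            taint -= cleared
    return taint

def scan(php_source):
    """Line-by-line scan of straight-line code (no branches or functions)."""
    env, findings = {}, []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN.match(line)
        target, expr = (m.group(1), m.group(2)) if m else (None, line)
        taint = expr_taint(expr, env)
        for sink, vuln in SINKS.items():
            if re.search(r"\b%s\b" % sink, expr) and vuln in taint:
                findings.append((lineno, sink, vuln))
        if target:
            env[target] = taint            # propagate taint through assignment
    return findings

# Constructed sample input (2010-era PHP, matching the tool's period).
SAMPLE = """<?php
$id = $_GET['id'];
$name = $_GET['name'];
$safe_id = intval($id);
mysql_query("SELECT * FROM users WHERE id = $id");
mysql_query("SELECT * FROM users WHERE id = $safe_id");
echo "Hello " . $name;
echo "Hello " . htmlspecialchars($name);
$page = $_GET['page'];
include "pages/" . $page;
"""
```

Calling `scan(SAMPLE)` reports lines 5, 7 and 10 and stays silent on lines 6 and 8, where a matching sanitizer sits between the source and the sink.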
The detection of the following vulnerability types is supported:
Prem Tiwari is the founder of FreeWebMentor.com and also a professional developer who has vast experience in PHP and open source technologies. Apart from this, he is a blogger by hobby and also he has been a regular speaker of WordPress sessions in various IT Companies.