Features

Efficient code review.

Real-time Risk Assessment

Conduct PHP security analysis by scanning your application code with RIPS throughout the software development lifecycle to review security issues in real-time.

  • Review and patch vulnerabilities while your application is being scanned.
  • Evaluate the risk heatmap to uncover how secure your application is based on the severity and quantity of detected vulnerabilities.
  • Prioritize vulnerabilities to patch based on RIPS’ critical, high-, medium-, and low-threat categorization.

Compliance & Standards

Summarize all detected PHP security issues using today’s leading industry standards. Follow the analysis and detection methodology that fits your industry and business model. Today’s industry standards include:

  • OWASP Top 10 list of vulnerabilities.
  • CWE classification.
  • SANS Top 25 list of most dangerous software errors.
  • PCI-DSS compliance requirements for handling credit card data.

Reports

Export all data as customizable PDF reports, CSV files, or any other file format by using our RESTful API.

  • Re-import the data into your issue tracking solution (e.g. JIRA).
  • Measure and demonstrate concrete progress in security.
  • Provide your leadership team with an overview of code vulnerabilities.
  • Create to-do lists.
  • Assign tasks in your ticketing system.

Patch Guide

Review a detailed PHP code analysis that includes an account of each vulnerability, how it impacts your code, background information on the vulnerability, and the best place to fix it.

  • Review a detailed explanation of the root cause of each vulnerability, how a threat actor might use the vulnerability to breach the application, and what the outcome of an exploit might be.
  • Tie vulnerabilities to the industry standards of your choice to quickly categorize each vulnerability, find further information, and swiftly take corrective action.
  • Utilize detailed vulnerability resolution guides that even inexperienced developers can follow to secure your application.
  • Quickly resolve problems without further research by reviewing the reliable and actionable information RIPS produces.

Vulnerability Resolution Management


Investigate detected issues, review the status of each vulnerability, and add comments for team collaboration.

  • Prioritize issues and manage team workflow to avoid duplicate work.
  • Flag issues according to your review status.
  • Create multiple audit teams with customized user privileges.
  • Define who can initiate new scans.
  • Determine who can review each analysis result.

Code Summary

Review code summary highlights to see the relevant code lines of an issue to quickly understand the vulnerability. PHP security issues can span multiple files and functions, making it difficult to keep track of vulnerable code. RIPS summarizes and connects code lines related to the issue and speeds up the process of applying a security patch at the right location.

  • User input is highlighted in blue.
  • Sensitive operation affected by user input is highlighted in red.
  • Vulnerable string concatenation that suggests what to patch is highlighted in yellow.

Executed Context

Instantly review which sensitive operation is affected by unvalidated input from an application's user.

  • See how malicious input could tamper with the application’s execution using RIPS’ unique context view.
  • Quickly understand a vulnerability’s impact by reviewing the executed data.



Fine-Tuning

Tailor your RIPS PHP security scanner to custom application specifications with comprehensive analysis settings.

  • Manually define sources, sinks, sanitizers, and validators.
  • Fine-tune analysis precision to your specific needs.
  • Uncover subtle vulnerabilities in your particular PHP configuration and version.
  • Specify PHP-related settings such as magic_quotes_gpc and register_globals.



Application Rescan

Quickly conduct a PHP security rescan of your application's entire code multiple times during the development lifecycle to integrate continuous static code analysis and ensure secure applications.

  • Check whether security vulnerabilities were resolved in the source code.
  • Determine if more vulnerabilities were inadvertently added.
  • Test different analysis settings.
  • Evaluate new code issues vs. old code issues.
  • Ensure that your team resolves issues before it is too late.