Efficient code review.

Real-time Risk Assessment

Conduct PHP security analysis by scanning your application code with RIPS throughout the software development lifecycle to review security issues in real-time.

  • Review and patch vulnerabilities while your application is being scanned.
  • Evaluate the risk heatmap to uncover how secure your application is based on the severity and quantity of detected vulnerabilities.
  • Prioritize vulnerabilities to patch based on RIPS’ critical, high-, medium-, and low-threat categorization.

Compliance & Standards

Summarize all detected PHP security issues using today’s leading industry standards. Follow the analysis and detection methodology that fits your industry and business model. Today’s industry standards include:

  • OWASP Top 10 list of vulnerabilities.
  • OWASP ASVS checklist of application security requirements.
  • CWE classification of common weaknesses.
  • SANS Top 25 list of most dangerous software errors.
  • PCI-DSS compliance requirements for handling credit card data.
  • HIPAA compliance requirements for handling health care data.


Export all data as customizable PDF reports, CSV files, or any other file format by using our RESTful API.

  • Re-import the data into your issue tracking solution (e.g. JIRA).
  • Measure and demonstrate concrete progress in security.
  • Provide your leadership team with an overview of code vulnerabilities.
  • Create to-do lists.
  • Assign tasks in your ticketing system.

Security Monitor

Get a high-level overview of the security state of all of your scanned applications. Customize your security monitor based on your needs.

  • Use different views to quickly pinpoint high-risk applications.
  • Fine-tune severity thresholds for your personal alarm states.
  • Define weights for critical, high, medium, and low severity issues.
  • Permanently store your custom monitor settings.

Patch Guide

Review a detailed PHP code analysis that includes an account of each vulnerability, how it impacts your code, background information on the vulnerability, and the best place to fix it.

  • Review a detailed explanation of the root cause of each vulnerability, how a threat actor might use the vulnerability to breach the application, and what the outcome of an exploit might be.
  • Tie vulnerabilities to the industry standards of your choice to quickly categorize each vulnerability, find further information, and swiftly take corrective action.
  • Utilize detailed vulnerability resolution guides that even inexperienced developers can follow to secure your application.
  • Quickly resolve problems without further research by reviewing the reliable and actionable information RIPS produces.


Vulnerability Resolution Management

Investigate detected issues, review the status of each vulnerability, and add comments for team collaboration.

  • Prioritize issues and manage team workflow to avoid duplicate work.
  • Flag issues according to your review status.
  • Create multiple audit teams with customized user privileges.
  • Define who can initiate new scans.
  • Determine who can review each analysis result.

Code Summary

Review code summary highlights to see the relevant code lines of an issue to quickly understand the vulnerability. PHP security issues can span multiple files and functions, making it difficult to keep track of vulnerable code. RIPS summarizes and connects code lines related to the issue and speeds up the process of applying a security patch at the right location.

  • User input is highlighted in blue.
  • The sensitive operation affected by user input is highlighted in red.
  • Vulnerable string concatenation that suggests what to patch is highlighted in yellow.

Executed Context

Instantly review which sensitive operation is affected by unvalidated input from an application's user.

  • See how malicious input could tamper with the application’s execution using RIPS’ unique context view.
  • Quickly understand a vulnerability’s impact by reviewing the executed data.


Tailor your RIPS PHP security scanner to custom application specifications with comprehensive analysis settings.

  • Create application-specific analysis profiles.
  • Manually define sources, sinks, sanitizers, and validators.
  • Fine-tune analysis precision to your specific needs.
  • Select the vulnerability types that are included in your analysis.
  • Uncover subtle vulnerabilities in your particular PHP configuration and version.
  • Specify PHP-related settings such as magic_quotes_gpc and register_globals.
  • Control the analysis depth for a custom tradeoff between hardware resources, analysis time, and analysis results.

Application Rescan

Quickly conduct a PHP security rescan of your application's entire code multiple times during the development lifecycle to integrate continuous static code analysis and ensure secure applications.

  • Check whether security vulnerabilities were resolved in the source code.
  • Determine if more vulnerabilities were inadvertently added.
  • Test different analysis settings.
  • Evaluate new code issues vs. old code issues.
  • Ensure that your team resolves issues before it is too late.