The new RIPS engine is armed with innovative code analysis algorithms that are specifically dedicated to the intricate features of the PHP language. It is capable of analyzing modern PHP applications for complex security vulnerabilities within minutes. The full feature stack of the PHP language is supported, including object-oriented code, pitfall-prone security mechanisms, and PHP built-in functions. Security vulnerabilities are accurately detected by analyzing the data flow from user-controlled input parameters to sensitive operations in your application with 100% code coverage. By evaluating the interaction of applied security mechanisms with the different input types, markup contexts, and sensitive operations, false alarms are prevented and detailed remediation instructions are presented.
The OWASP Top 10 provides a list of the 10 most critical security risks that occur frequently in web applications. It is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, and FTC.
RIPS is able to identify 9 out of the 10 risks and it helps you to quickly locate them in your project!
All detected security issues are available in real-time when your application is scanned. You can follow the current risk assessment of your application and directly begin to review the first issues - even if the scan is not complete yet.
Our risk heatmap shows the overall security state of your application, based on the severity and quantity of detected security vulnerabilities. These are categorized into critical, high, medium, and low issues in order to prioritize the urgency to review.
For each detected security vulnerability, RIPS provides detailed information about both the vulnerability type in general and the specific occurrence. It explains the root cause of the issue and the impact a successful attack can have.
Additionally, RIPS offers a detailed guide to the solution - even for inexperienced developers. This gives users reliable information at hand so they can quickly resolve the problem without further research.
When investigating a detected issue, you can update the review status of each vulnerability and add a comment. This helps to prioritize issues and to manage the workflow within your team.
For example, already patched issues can be marked as fixed or currently investigated issues can be marked as in progress in order to avoid duplicate work.
The code summary highlights only the relevant code lines in order to make understanding the vulnerability quick and easy.
Security issues can span over multiple files and functions, making it difficult to keep track of vulnerable code. RIPS summarizes and connects code lines related to the issue and speeds up the process of applying a security patch at the right spot.
Unvalidated input from an application's user is the root cause of almost all security issues in modern web applications. Depending on how and in which sensitive operation of your application this user input is used, different types of vulnerabilities can occur.
Our context view instantly shows which sensitive operation is affected and how exactly malicious input can tamper with its execution. This is extremely valuable for abstracting from the affected code lines and understanding the vulnerability's impact.
The comprehensive analysis settings make it possible to tailor RIPS specifically to your application.
Our analysis settings include the definition of new sources, sinks, sanitizers, validators, and ignores with full OOP support. In addition, it is possible to specify PHP-related settings such as magic_quotes, register_globals, and the PHP version itself.
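As an added illustration of the source-to-sink data flow analysis described above, and of the source/sink/sanitizer vocabulary used by the analysis settings, here is a deliberately small, context-aware taint tracker in Python. It is not RIPS code and says nothing about RIPS' internals; the toy statement format, the `Taint` record and the context labels (`html`, `sql`) are assumptions of this example, and the PHP program it analyzes is constructed. It shows why a sanitizer has to be matched to the sink's markup context: `htmlspecialchars` neutralizes a value for an HTML context but leaves an SQL sink exposed, while `intval` yields a value that is safe in either context.

```python
from dataclasses import dataclass

# Toy analysis settings. The function names are real PHP built-ins; the
# context labels and the mapping to them are assumptions of this example.
SOURCES = {"$_GET", "$_POST", "$_COOKIE"}
SINKS = {  # sink function -> (vulnerability class, context the value lands in)
    "echo": ("Cross-Site Scripting", "html"),
    "mysql_query": ("SQL Injection", "sql"),
}
SANITIZERS = {  # sanitizer -> contexts it makes a value safe for
    "htmlspecialchars": {"html"},
    "mysql_real_escape_string": {"sql"},
    "intval": {"html", "sql"},  # result is an integer: harmless in both contexts
}


@dataclass(frozen=True)
class Taint:
    origin: str          # where the value came from, e.g. "$_GET['name']"
    safe_for: frozenset  # contexts the value has been sanitized for so far


def taints_of(expr, env):
    """Return the set of Taint records flowing out of a toy expression.

    Expression forms: ("lit", text), ("source", superglobal, key),
    ("var", name), ("concat", [exprs]), ("call", func, arg_expr).
    """
    kind = expr[0]
    if kind == "lit":
        return set()
    if kind == "source":
        _, superglobal, key = expr
        if superglobal not in SOURCES:
            return set()
        return {Taint(f"{superglobal}['{key}']", frozenset())}
    if kind == "var":
        return set(env.get(expr[1], set()))
    if kind == "concat":
        out = set()
        for part in expr[1]:
            out |= taints_of(part, env)
        return out
    if kind == "call":
        _, func, arg = expr
        # A sanitizer does not remove the taint; it records which contexts
        # the value is now safe for. Unknown functions pass taint through.
        contexts = frozenset(SANITIZERS.get(func, set()))
        return {Taint(t.origin, t.safe_for | contexts) for t in taints_of(arg, env)}
    raise ValueError(f"unknown expression kind {kind!r}")


def analyze(program):
    """Walk a straight-line toy program and report unsanitized source-to-sink flows.

    Statements: ("assign", var, expr) or ("sink", func, expr).
    Returns (line, vulnerability, origin, sink_function) tuples.
    """
    env, findings = {}, []
    for lineno, stmt in enumerate(program, start=1):
        if stmt[0] == "assign":
            _, var, expr = stmt
            env[var] = taints_of(expr, env)
        elif stmt[0] == "sink":
            _, func, expr = stmt
            if func not in SINKS:
                continue
            vuln, ctx = SINKS[func]
            for t in sorted(taints_of(expr, env), key=lambda t: t.origin):
                if ctx not in t.safe_for:  # sanitized for the wrong context, or not at all
                    findings.append((lineno, vuln, t.origin, func))
    return findings


# Constructed sample, modelling this PHP:
#   $name = htmlspecialchars($_GET['name']);
#   echo "Hello " . $name;                                          // line 2
#   mysql_query("SELECT * FROM users WHERE name='" . $name . "'");  // line 3
#   $id = intval($_GET['id']);
#   mysql_query("SELECT * FROM users WHERE id=" . $id);             // line 5
SAMPLE_PROGRAM = [
    ("assign", "$name", ("call", "htmlspecialchars", ("source", "$_GET", "name"))),
    ("sink", "echo", ("concat", [("lit", "Hello "), ("var", "$name")])),
    ("sink", "mysql_query", ("concat", [("lit", "SELECT * FROM users WHERE name='"),
                                        ("var", "$name"), ("lit", "'")])),
    ("assign", "$id", ("call", "intval", ("source", "$_GET", "id"))),
    ("sink", "mysql_query", ("concat", [("lit", "SELECT * FROM users WHERE id="), ("var", "$id")])),
]

if __name__ == "__main__":
    for line, vuln, origin, sink in analyze(SAMPLE_PROGRAM):
        print(f"line {line}: {vuln} - {origin} reaches {sink}() without a matching sanitizer")
```

Only line 3 is reported: the HTML-escaped `$name` is fine for `echo` but still tainted for `mysql_query`, and the `intval` result is clean for both. Tracking per-context sanitization rather than a single tainted/untainted bit is what lets an analysis avoid both the missed finding on line 3 and a false alarm on line 2.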
Rescan your application to check whether security vulnerabilities were resolved, newly introduced, or still remain in the source code.
Rescanning an application multiple times during the development lifecycle is an important step towards continuous integration of static code analysis. You are able to test different analysis settings, test new code, or check whether issues were resolved by your team.