Our Unique Approach
Static code analysis algorithms dedicated to each programming language.
Background: Static Code Analysis
Static analysis (or static application security testing) is performed solely on the source code of an application, without executing it. The complete source code is transformed into an abstract model that is then analyzed for security vulnerabilities. More precisely, taint analysis follows the data flow of user input that the application receives across file and function boundaries. If user input reaches a security-sensitive operation (such as a SQL query), an attacker could manipulate that operation, so a security vulnerability is reported (e.g. a SQL injection vulnerability).
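A minimal interprocedural taint analysis, added here as an illustration of the data-flow tracking described above (it is not RIPS code and not its abstract model): user input is marked as tainted, taint follows assignments and function calls through a hypothetical toy IR, a sanitizer clears it, and a tainted variable that reaches a SQL sink is reported.

```python
# Toy IR: ("source", dst) | ("assign", dst, src) | ("sanitize", dst, src)
#         ("call", dst, fn, [args]) | ("sink", kind, var) | ("return", var)
# Callee parameters are named p0, p1, ... (hypothetical IR, not RIPS's model).
PROGRAM = {  # constructed sample program
    "main": [
        ("source", "id"),                             # id comes from the request
        ("call", "q", "build_query", ["id"]),         # taint crosses into the callee
        ("sink", "sql", "q"),                         # reported as SQL injection
        ("sanitize", "safe_id", "id"),
        ("call", "q2", "build_query", ["safe_id"]),
        ("sink", "sql", "q2"),                        # not reported: input sanitized
    ],
    "build_query": [
        ("assign", "query", "p0"),
        ("return", "query"),
    ],
}

def analyze(program, fn, tainted_args, findings, stack):  # True if fn's return value is tainted
    tainted = {f"p{i}" for i, t in enumerate(tainted_args) if t}
    ret_tainted = False
    for stmt in program[fn]:
        op = stmt[0]
        if op == "source":
            tainted.add(stmt[1])
        elif op in ("assign", "sanitize"):
            _, dst, src = stmt
            if op == "assign" and src in tainted:
                tainted.add(dst)
            else:
                tainted.discard(dst)                  # sanitizer or clean source
        elif op == "call":
            _, dst, callee, args = stmt
            flags = [a in tainted for a in args]
            if callee not in program or callee in stack:
                t = any(flags)                        # unknown or recursive callee: pass taint through
            else:
                t = analyze(program, callee, flags, findings, stack + [callee])
            (tainted.add if t else tainted.discard)(dst)  # result inherits callee's taint
        elif op == "sink" and stmt[2] in tainted:
            findings.append((fn, stmt[1], stmt[2]))   # tainted data reaches a sink
        elif op == "return":
            ret_tainted = stmt[1] in tainted
    return ret_tainted

def find_vulnerabilities(program, entry="main"):  # (function, sink kind, variable) triples
    findings = []
    analyze(program, entry, [], findings, [entry])
    return findings
```

Running `find_vulnerabilities(PROGRAM)` reports only the first sink, because the second query is built from the sanitized copy of the input.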
The RIPS Approach
Comparing Code Scanning Approaches
During static analysis, the source code of an application doesn't have to be running, functional, or even complete. Code can be analyzed for vulnerabilities and security risks while the application is being developed. Developers can, and should, scan the code continuously throughout the software development lifecycle. This way, they can discover code vulnerabilities as early as possible, while the code is being written. All security issues discovered can be pinpointed to the exact line of code for quick remediation. For more information on static analysis solutions, please read our blog.
Analysis Profiles for Ultimate Fine-Tuning
RIPS allows you to analyze source code straight out of the box without time-consuming configuration. Advanced users can tailor our analysis engines and algorithms to their specific environments to maximize code analysis precision.