Static Analysis

Language specific algorithms.

How it works

The RIPS PHP code analysis engine is armed with innovative static code analysis algorithms that are specifically dedicated to the intricate features of the PHP language.

  • Capable of analyzing modern PHP applications for complex security vulnerabilities in minutes.
  • Supports the full feature stack of the PHP language, including object-oriented code, pitfall-prone security mechanisms, and PHP built-in functions.
  • Detects security vulnerabilities accurately by analyzing the data flow from user-controlled input parameters to sensitive operations in your application with 100% code coverage.
  • Prevents false positives by evaluating the interaction of applied security mechanisms with the different input types, markup contexts and sensitive operations.
  • Detects second-order vulnerabilities and vulnerabilities that stem from a vulnerable PHP core.

Supported PHP Versionsall (3-7)
Maximum Code Sizeunlimited
Vulnerability Types100+
Code Quality Types40+
Security ReportsDashboard, PDF, CSV
Hosted Solution
Local Installation
RESTful API Documentation
Continuous Integration Documentation
CLI Tool Documentation

With less than 1% false positive reports RIPS helped us turn our monster app
into a more safe and trusted platform.

Wesley Abbenhuis, Software Engineer, Inforing


Code Analysis Example

$id = $_POST['id']; // user input
if(...) {
$id = (int)$id; // safe
else {
$id = htmlentities($id); // !
echo "<div id='$id'>"; // XSS

Cross-Site Scripting
(single-quoted attribute)
$id = $_POST['id'];

$id = htmlentities($id);

echo "<div id='$id'>";

Stay current
about our latest features