Static Analysis

Language specific algorithms.

Code Analysis Example

$id = $_POST['id']; // user input
if(...) {
$id = (int)$id; // safe
else {
$id = htmlentities($id); // !
echo "<div id='$id'>"; // XSS

Cross-Site Scripting
(single-quoted attribute)
$id = $_POST['id'];

$id = htmlentities($id);

echo "<div id='$id'>";

How it works

The RIPS PHP code analysis engine is armed with innovative static code analysis algorithms that are specifically dedicated to the intricate features of the PHP language.

  • Capable of analyzing modern PHP applications for complex security vulnerabilities in minutes.
  • Supports the full feature stack of the PHP language, including object-oriented code, pitfall-prone security mechanisms, and PHP built-in functions.
  • Detects security vulnerabilities accurately by analyzing the data flow from user-controlled input parameters to sensitive operations in your application with 100% code coverage.
  • Prevents false positives by evaluating the interaction of applied security mechanisms with the different input types, markup contexts and sensitive operations.
  • Detects second-order vulnerabilities and vulnerabilities that stem from a vulnerable PHP core.

Supported PHP Versionsall (3-7)
Maximum Code Sizeunlimited
Vulnerability Types100+
Misconfiguration Types60+
Code Quality Types40+
Framework Support10+
Hosted Solution (SaaS)
Local Installation (OnPrem)
RESTful API Documentation
Continuous Integration Documentation
CLI Tool Documentation

With less than 1% false positive reports RIPS helped us turn our monster app
into a more safe and trusted platform.

Wesley Abbenhuis, Software Engineer, Inforing


Stay current
about our latest features