What Security Experts Say
We evaluated a few products and chose RIPS because it performs really well, and has a strong ability to follow tainted data across the scanned application - which is very important for any SAST solution. Further, our security champions learn more from RIPS findings, as they gain a much better understanding of the vulnerabilities discovered during scans.
Here is one of the few security products that is not snake oil: RIPS. We use it all the time.
We've invested in the onsite RIPS product to enhance the speed at which we can assess the many custom PHP WordPress plugins and management tools our customers deploy. Spending less time finding vulnerabilities means we can spend more time writing proof-of-concept exploits, which adds value to our engagements!
At Doyensec we are often tasked with testing complex and well-vetted systems. When dealing with PHP and Java, RIPSTech provides the right tool to quickly assess the application’s security posture before performing manual investigation. Johannes and the team have done amazing work with developing the best solution for static code analysis. The technology has a low false positive rate and is constantly updated, keeping the scanner aligned with the fast-changing landscape of technology and security threats.
IncludeSec has executed security assessments for hundreds of tech companies and worked with a variety of SAST tools. Our engagement time is often limited; as such, speed and comprehensiveness are must-haves. With RIPS' unique efficiency, accuracy, and coverage we find more bugs in less time. RIPS is, without doubt, the most comprehensive PHP static code analyzer today and a game changer for assessments!
We are passionate about security and take pride in our work; as such, its quality is of utmost importance. In a recent assessment we had to quickly identify weaknesses within 8 million lines of code, which is impossible to do manually. RIPS identified vulnerabilities within only 1 hour and allowed us to drastically reduce our testing time. The team behind it is by far a reference in terms of PHP security.
As a leading consultancy for PHP and related technologies, we commonly perform code reviews which often include security audits. In addition to our in-depth manual reviews we also use static code analyzers to assess a code base. RIPS adds great value because it allows us to quickly measure (in-)security, and helps to address all detected issues in a well-structured fashion.