Friday, 10 December 2010
RIPS - PHP Static Source Code Analyzer
RIPS is a static source code analyser for vulnerabilities in PHP web applications. It was released during the Month of PHP Security (www.php-security.org).
In this submission a tool named RIPS is introduced which automates the process of identifying potential security flaws in PHP source code by using static source code analysis. RIPS is open source and freely available at http://www.sourceforge.net/projects/rips-scanner/. The result of the analysis can easily be reviewed by the penetration tester in its context without reviewing the whole source code again. Given the limitations of static source code analysis, a vulnerability needs to be confirmed by the code reviewer.
Labels:
file inclusion,
hacking,
security,
software,
sql injection
Cool Samar