RIPS


RIPS is a static code analysis software for the automated detection of security vulnerabilities in PHP and Java applications. The initial tool was written by Johannes Dahse and released during the Month of PHP Security in May 2010 as open-source software. The open-source version is released under the GNU Lesser General Public License and was maintained until 2013.
In 2016, a new and rewritten version of RIPS was released as a software product by RIPS Technologies, a high-tech company based in Bochum, Germany. The new RIPS product overcomes limitations of the open-source tool and addresses industrial needs. Its novel analysis techniques were awarded, among others, the Internet Defense Prize by Facebook.

Commercial Version (Java, PHP)

The commercial version supports the analysis of PHP and Java code. It was built from scratch and leverages new code analysis techniques which are specifically tailored to the intricacies of each programming language and its features. It uses abstract syntax trees, control flow graphs, and context-sensitive taint analysis in order to accurately identify even complex security vulnerabilities that are based on second-order data flow or misplaced security mechanisms. Further, it simulates each language's built-in features, libraries and frameworks to minimize false positives. It supports the automated detection of over 200 different vulnerability types, code quality issues and misconfiguration weaknesses. RIPS found critical security issues in popular open-source projects, including WordPress, Joomla, Magento, phpBB, Moodle and Roundcube. In contrast to the open-source version, the commercial version supports all versions of Java, PHP and Node.js, industry standards such as OWASP Top 10, ASVS, CWE, SANS 25 and PCI-DSS, and can be integrated into the software development life cycle. RIPS is available as on-premises software and as Software-as-a-Service.
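The second-order data flow mentioned above, as an added illustration that is not RIPS's own code: a toy taint analysis over a constructed statement list that models two PHP requests, where user input is stored unescaped in a database column and read back later. Treating storage columns as carriers of taint is what lets the second flow be reported; the statement encoding, variable names and column names are assumptions made for this example.

```python
# Constructed mini-IR: each statement is (kind, target, source).
#   source   target var   <- user input (e.g. $_GET['name'])
#   assign   target var   <- copy of source var
#   sanitize target var   <- escaped copy of source var
#   store    db column    <- var written to persistent storage
#   load     target var   <- var read back from db column
#   sink     sink name    <- var passed to a sensitive call (echo, query)
SOURCE, ASSIGN, SANITIZE, STORE, LOAD, SINK = (
    "source", "assign", "sanitize", "store", "load", "sink")

def analyze(statements, track_storage=True):
    """Return [(stmt_index, var)] for every sink reached by tainted data.
    Variables are tracked in statement order; with track_storage the
    analysis also remembers which columns received tainted data, so a
    later load from such a column is tainted too (second-order flow)."""
    tainted, tainted_cols, findings = set(), set(), []
    for i, (kind, target, src) in enumerate(statements):
        if kind == SOURCE:
            tainted.add(target)
        elif kind == ASSIGN:
            tainted.discard(target)
            if src in tainted:
                tainted.add(target)
        elif kind == SANITIZE:          # escaping kills the taint
            tainted.discard(target)
        elif kind == STORE:
            if track_storage and src in tainted:
                tainted_cols.add(target)
        elif kind == LOAD:
            tainted.discard(target)
            if src in tainted_cols:
                tainted.add(target)
        elif kind == SINK and src in tainted:
            findings.append((i, src))
    return findings

# Constructed program: request 1 (register) and request 2 (profile page).
PROGRAM = [
    (SOURCE, "$name", "$_GET['name']"),   # 0 user input enters
    (SINK, "mysql_query", "$name"),       # 1 first-order: direct to sink
    (SANITIZE, "$safe", "$name"),         # 2 escaped copy
    (SINK, "echo", "$safe"),              # 3 safe: no finding expected
    (STORE, "users.name", "$name"),       # 4 raw value persisted
    (LOAD, "$stored", "users.name"),      # 5 later request reads it back
    (SINK, "echo", "$stored"),            # 6 second-order: storage tracking
]

if __name__ == "__main__":
    print("with storage tracking:   ", analyze(PROGRAM))
    print("first-order only:        ", analyze(PROGRAM, track_storage=False))
```

Running both variants shows that a first-order analysis reports only statement 1, while tracking taint through the storage column additionally reports statement 6.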