RIPS – Static Source Code Analysis For PHP Vulnerabilities

RIPS is a tool written in PHP that finds vulnerabilities in PHP web applications using static source code analysis. By tokenizing and parsing all source code files, RIPS transforms the PHP source into a program model and detects sensitive sinks (potentially vulnerable functions) that can be tainted by user input (data influenced by a malicious user) during the program flow. Besides the structured output of the vulnerabilities it finds, RIPS also offers an integrated code audit framework for further manual analysis.
LXer Linux News
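The source-to-sink taint model the paragraph describes can be shown on a few lines of PHP. The following is an added example, not RIPS's own code: a deliberately small analyzer written in Python (rather than PHP) that tokenizes each statement, records which variables derive from attacker-controlled superglobals, propagates that taint through assignments and concatenation, and reports calls to sensitive sinks whose arguments are still tainted. The source, sink and sanitizer tables are assumptions chosen for the illustration, the sample PHP is constructed, and the analysis is intentionally simplified (one statement per line, no functions or branches, and any sanitizer is treated as protecting any sink), which is exactly the gap a real tool such as RIPS has to close.

```python
import re
from dataclasses import dataclass

# Superglobals whose contents are attacker-controlled (taint sources).
SOURCES = {"$_GET", "$_POST", "$_COOKIE", "$_REQUEST"}

# Sensitive sinks and the vulnerability class a tainted argument would produce.
SINKS = {
    "mysql_query": "SQL injection",
    "echo": "cross-site scripting",
    "system": "command execution",
    "include": "file inclusion",
}

# Functions treated here as sanitizers for *any* sink. This is a simplification:
# a real analyzer maps each sanitizer to the sink types it actually protects.
SANITIZERS = {"intval", "htmlspecialchars", "escapeshellarg", "mysql_real_escape_string"}

# Minimal tokenizer: variables, identifiers, numbers, string literals, punctuation.
TOKEN_RE = re.compile(r"""\$[A-Za-z_]\w*|[A-Za-z_]\w*|\d+|"[^"]*"|'[^']*'|[=;(),.\[\]]""")


@dataclass
class Finding:
    line: int   # 1-based line of the sink call
    sink: str   # sink function name
    vuln: str   # vulnerability class from SINKS
    via: str    # the superglobal the tainted argument ultimately derives from


def tokenize(line: str) -> list[str]:
    return TOKEN_RE.findall(line)


def analyze(php_source: str) -> list[Finding]:
    """Flow-sensitive, intra-procedural taint tracking, one statement per line."""
    tainted: dict[str, str] = {}   # variable -> the source it derives from
    findings: list[Finding] = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        tokens = tokenize(line)
        if not tokens:
            continue
        sanitized = any(t in SANITIZERS for t in tokens)

        # Assignment "$var = <expr>;": taint flows from sources or tainted variables.
        if len(tokens) >= 3 and tokens[0].startswith("$") and tokens[1] == "=":
            target, rhs = tokens[0], tokens[2:]
            carrier = next((t for t in rhs if t in SOURCES or t in tainted), None)
            if carrier is not None and not sanitized:
                tainted[target] = tainted.get(carrier, carrier)
            else:
                tainted.pop(target, None)   # overwritten with a clean value
            continue

        # Sink call "name(args)" or "echo args;": report if any argument is tainted.
        name = tokens[0]
        if name in SINKS and not sanitized:
            carrier = next((t for t in tokens[1:] if t in SOURCES or t in tainted), None)
            if carrier is not None:
                findings.append(Finding(line_no, name, SINKS[name], tainted.get(carrier, carrier)))
    return findings


# Constructed sample input: two real flaws (lines 6 and 9) and three sanitized paths.
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$safe = intval($_GET['id']);
$name = htmlspecialchars($_POST['name']);
$query = "SELECT * FROM users WHERE id = " . $id;
mysql_query($query);
mysql_query("SELECT * FROM users WHERE id = " . $safe);
echo $name;
echo $_COOKIE['lang'];
system("ls " . escapeshellarg($_GET['dir']));
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_PHP):
        print(f"line {f.line}: {f.vuln} via {f.sink}() fed from {f.via}")
```

Run stand-alone, the analyzer reports the unsanitized `mysql_query($query)` on line 6 (taint reaches it through `$id` and then `$query`) and the `echo $_COOKIE['lang']` on line 9, while the `intval`, `htmlspecialchars` and `escapeshellarg` paths stay quiet. Reassigning a variable clears its taint, which is the flow-sensitivity the paragraph's "during the program flow" refers to.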


Self-documentation of code

Inadequate or missing software documentation is a recurring issue, and it applies just as often to proprietary software as it does to free software. Documentation of code has two main purposes: to make the code readable for other programmers, and to make the code usable. Good documentation of free software is vital for users, and contributing to the documentation (or translation into a minority language) of a free software project is a good way to get involved for those who don't know where to start, or how to program, and want to know how it's done. The problem is a shortage of recruits.
LXer Linux News
