RIPS is a static source code analyser for vulnerabilities in PHP web applications.
A major change is that RIPS now parses PHP code by instructions rather than line by line. This is much more effective and accurate. Parsing code line by line worked well for most projects but also introduced a lot of bugs that are now fixed. RIPS is now even able to parse obfuscated PHP code and PHP backdoors.
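To show why the unit of parsing matters, here is an added sketch (not RIPS source code) that compares a per-line substring check with a check over tokenizer-built instructions. The sink `mysql_query`, the source list and all function names are assumptions made for this illustration.

```php
<?php
// Added illustration, not RIPS code. Sink and source lists are assumptions.
const SINKS = ['mysql_query'];
const SOURCES = ['$_GET', '$_POST'];
const SKIP = [T_COMMENT, T_DOC_COMMENT, T_WHITESPACE, T_OPEN_TAG];

// Group tokens into instructions: comments and whitespace are dropped and an
// instruction ends at ';', '{' or '}' outside parentheses (simplified rule).
function split_instructions(string $code): array {
    $out = []; $cur = []; $depth = 0;
    foreach (token_get_all($code) as $tok) {
        [$id, $text] = is_array($tok) ? $tok : [null, $tok];
        if (in_array($id, SKIP, true)) continue;
        $cur[] = [$id, $text];
        if ($text === '(') $depth++; elseif ($text === ')') $depth--;
        if ($id === null && $depth === 0 && in_array($text, [';', '{', '}'], true)) {
            $out[] = $cur; $cur = [];
        }
    }
    if ($cur) $out[] = $cur;
    return $out;
}

// Token-aware check: a sink call and a user-input variable in one instruction.
function flag_instruction(array $instr): bool {
    $sink = $src = false;
    foreach ($instr as [$id, $text]) {
        $sink = $sink || ($id === T_STRING && in_array(strtolower($text), SINKS, true));
        $src = $src || ($id === T_VARIABLE && in_array($text, SOURCES, true));
    }
    return $sink && $src;
}

// Line-based check for comparison: substring matching per physical line.
function flag_line(string $line): bool {
    return stripos($line, 'mysql_query') !== false && strpos($line, '$_GET') !== false;
}

// Constructed sample: a commented-out call and a live call spread over lines.
$sample = <<<'PHP'
<?php
// mysql_query("SELECT 1 WHERE x = " . $_GET['old']);
$r = mysql_query(
    "SELECT name FROM users WHERE id = " .
    $_GET['id']
);
PHP;

foreach (explode("\n", $sample) as $n => $line)
    if (flag_line($line)) echo "line-based hit, line ", $n + 1, ": $line\n";
foreach (split_instructions($sample) as $instr)
    if (flag_instruction($instr)) echo "instruction hit: ", implode(' ', array_column($instr, 1)), "\n";
```

On this sample the line matcher reports only the commented-out call and misses the live one, while the instruction-based check reports only the live call.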
Finally, RIPS is able to scan large open source projects (non-OOP).
A new feature that shows the current scan status, the file currently being scanned and an approximate time left supports this. A new feature called leakscan has been added that detects whether the output of a sensitive sink is returned to the user. For example, this helps to detect where the result of your SQL injection is printed or embedded in a header, or whether you have to use blind SQL injection techniques.
More info: http://websec.wordpress.com