RIPS is a static analysis tool for finding vulnerabilities in PHP applications. The new version 0.40 can be downloaded here. This post is a short project status report.

What's new

There have been a couple of bugfixes and improvements, especially regarding file inclusions, which are vital for correct analysis. RIPS now also inspects the quotes in SQL queries before deciding whether a value has been secured correctly: a variable passed through an escaping function only counts as safe when it is interpolated inside quotes, because quote escaping does nothing in an unquoted (numeric) context. This feature does not yet work correctly in all cases.

<?php
// safe: the escaped value is interpolated inside single quotes, so any
// quote character the attacker sends is neutralised by the escaping
$name = mysql_real_escape_string($_GET['name']);
mysql_query("SELECT * FROM users WHERE name = '$name'");

// vulnerable: the value is interpolated without quotes, so escaping quotes
// changes nothing; an id of "1 OR 1=1" is passed through unchanged
$id = mysql_real_escape_string($_GET['id']);
mysql_query("SELECT * FROM users WHERE id = $id");
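The following is an added example written for this post, not RIPS's own code. It models the quote-context decision described above: for each PHP variable interpolated into a query string it records whether the variable sits inside a single-quoted SQL literal, and only an escaped, quoted variable is classified as safe. The variable names, the two sample queries and the simplified `escape_sim()` model of `mysql_real_escape_string()` are constructed for illustration.

```python
"""Quote-context check for SQL strings built by PHP interpolation.

Added example, not RIPS code. An escaped variable counts as securely
used only when it is interpolated inside single quotes. The sample
queries and the simplified escaping routine are constructed here.
"""
import re

# Matches a PHP variable reference inside a double-quoted string body.
VAR_RE = re.compile(r"\$[A-Za-z_][A-Za-z0-9_]*")


def variable_contexts(query_src):
    """Map each $var in the query source to 'quoted' or 'unquoted'.

    Walks the string once, tracking whether the scanner is inside a
    single-quoted SQL literal. A backslash escapes the next character,
    so an embedded \\' does not flip the state.
    """
    contexts = {}
    in_single = False
    i = 0
    while i < len(query_src):
        ch = query_src[i]
        if ch == "\\":
            i += 2                      # skip the escaped character
        elif ch == "'":
            in_single = not in_single
            i += 1
        elif ch == "$":
            m = VAR_RE.match(query_src, i)
            if m:
                contexts[m.group()] = "quoted" if in_single else "unquoted"
                i = m.end()
            else:
                i += 1
        else:
            i += 1
    return contexts


def classify(query_src, escaped_vars):
    """Return {var: 'safe' | 'vulnerable'} for every variable in the query.

    escaped_vars is the set of variables that went through
    mysql_real_escape_string(). Escaping only protects a quoted
    context; an unquoted variable is vulnerable whether escaped or not.
    """
    return {
        var: "safe" if var in escaped_vars and ctx == "quoted" else "vulnerable"
        for var, ctx in variable_contexts(query_src).items()
    }


def escape_sim(value):
    """Simplified model of mysql_real_escape_string() for a single-byte
    charset: backslash-escape the characters it rewrites, nothing else."""
    table = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0",
             "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}
    return "".join(table.get(c, c) for c in value)


def render(query_src, values):
    """Build the final SQL the way PHP interpolation would, after
    passing every supplied value through escape_sim()."""
    return VAR_RE.sub(
        lambda m: escape_sim(values.get(m.group(), m.group())), query_src)


# The two queries from the post, as the bodies of the PHP string literals.
SAFE_QUERY = "SELECT * FROM users WHERE name = '$name'"
VULN_QUERY = "SELECT * FROM users WHERE id = $id"

if __name__ == "__main__":
    print(classify(SAFE_QUERY, {"$name"}))   # {'$name': 'safe'}
    print(classify(VULN_QUERY, {"$id"}))     # {'$id': 'vulnerable'}
    # Escaping keeps the attacker's quotes inside the string literal...
    print(render(SAFE_QUERY, {"$name": "x' OR '1'='1"}))
    # ...but leaves the unquoted numeric context wide open.
    print(render(VULN_QUERY, {"$id": "1 OR 1=1"}))
```

Running it classifies the first query as safe and the second as vulnerable, and rendering the second with an id of `1 OR 1=1` shows why: no character in that payload is touched by quote escaping. The scanner is a heuristic, like the feature it models: a "safe" verdict still depends on the connection charset matching what the escaping function assumes, and prepared statements avoid the question entirely.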

The main new visible feature is graphs. Besides the list of all scanned files, RIPS now gives an overview of how files are connected to each other, which files accept sources (user input) and which files contain sensitive sinks or vulnerabilities. It also splits the scanned files into main files (blue) and included files (red) so that entry points can be spotted easily.
