Analysis Engines

RIPS performs static analysis and scans source code for security issues.

We build language-specific analysis engines, each dedicated to the characteristics and features of one programming language, for the most accurate analysis possible.

Currently, RIPS supports the following programming languages:

Static Code Analysis

Static analysis is performed solely on the source code of an application, without executing it. The complete source code is transformed into an abstract model that is then analyzed for security vulnerabilities. More precisely, RIPS uses taint analysis to follow the data flow of user input that the application receives. If user input reaches a security-sensitive operation (e.g. a SQL query or a file path), an attacker could manipulate that operation, so a security vulnerability is reported (e.g. a SQL injection or path traversal vulnerability). The data flow of user input is traced throughout the complete code base, including all files, functions, classes, and methods. The outcome is an efficient analysis of 100% of the code, regardless of the application's runtime environment or completeness.

Static application security testing (SAST) tools should be part of the regular code testing and review process, so that security issues are detected and remediated as early as possible. This allows developers and security analysts to ensure that complex security vulnerabilities do not remain undetected in the source code.
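To make the taint-analysis idea concrete, here is an added example (written for this page, not RIPS' own code, which handles far more constructs) of a tiny intraprocedural taint tracker in Python: it follows user input in a constructed PHP snippet from sources through assignments to sinks, and stops at sanitizer calls. The source, sanitizer and sink lists are assumptions chosen for the demo.

```python
import re

# Constructed subset of sources, sanitizers and sinks for this demo (RIPS' real lists are far larger).
SOURCES = {"$_GET", "$_POST", "$_COOKIE", "$_REQUEST"}
SANITIZERS = ("intval", "mysqli_real_escape_string", "basename")
SINKS = {"mysql_query": "SQL injection", "mysqli_query": "SQL injection",
         "fopen": "path traversal", "include": "file inclusion"}

ASSIGN = re.compile(r"^\$(\w+)\s*=\s*(.+);$")          # $var = expr;
CALL = re.compile(r"^(\w+)\s*\((.*)\);$")              # func(args);
VAR = re.compile(r"\$\w+")                             # any $variable
SANITIZED = re.compile(r"\b(%s)\s*\([^()]*\)" % "|".join(SANITIZERS))

def expr_tainted(expr, tainted):
    """True if user-controlled data reaches expr without passing a sanitizer."""
    expr = SANITIZED.sub("", expr)        # a sanitizer call cuts the taint flow
    return any(v in SOURCES or v in tainted for v in VAR.findall(expr))

def analyze(lines):
    """Walk statements in order, tracking which variables currently hold tainted data."""
    tainted, findings = set(), []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        m = ASSIGN.match(line)
        if m:
            name = "$" + m.group(1)
            if expr_tainted(m.group(2), tainted):
                tainted.add(name)
            else:
                tainted.discard(name)     # overwritten with clean data
            continue
        m = CALL.match(line)
        if m and m.group(1) in SINKS and expr_tainted(m.group(2), tainted):
            findings.append((no, SINKS[m.group(1)]))  # tainted data reached a sink
    return findings

# Constructed PHP snippet: lines 4 and 8 are vulnerable, lines 5 and 7 are sanitized.
PHP_SAMPLE = """\
$name = $_GET['name'];
$id = intval($_GET['id']);
$query = "SELECT * FROM users WHERE name = '" . $name . "'";
mysql_query($query);
mysql_query("SELECT * FROM users WHERE id = " . $id);
$file = basename($_GET['f']);
fopen($file, 'r');
fopen($_GET['path'], 'r');
"""

if __name__ == "__main__":
    for line_no, kind in analyze(PHP_SAMPLE.splitlines()):
        print(f"line {line_no}: possible {kind}")
```

A real engine must additionally follow taint across function calls, arrays, objects and files, which is exactly the interprocedural tracing the paragraph above describes.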

How RIPS works

You can find insights about our approach on our website:

The RIPS Approach

How RIPS compares to other solutions

You can find insights about how we compare our analysis engine to other approaches in our blog post:

Comparison of Application Security Testing Approaches