The year is coming to an end and many things have changed. In the past three years, I have researched new static code analysis techniques and finished the development of a complete new generation of RIPS. The new generation is a state-of-the-art SAST tool for the automated detection of security issues in PHP code and it’s based on a fundamentally different engine than the previous versions. With its strong focus on all subtlenesses and security pitfalls of the PHP language and with new code analysis techniques it clearly outperforms any other solution for PHP security analysis I have seen. Together with a passionate team of experts, we founded the RIPS Technologies company and released the next generation of RIPS as a standalone product and also as a cloud service. Although personally it was a difficult decision to commercialize a project I have been working on since 7 years, it is a great opportunity to continue working full-time on RIPS and to advance it together (join us!).
Due to all these changes there was little time left for research and new blog posts. Nonetheless, our team and customers have been using the next generation of RIPS daily throughout the year and as a result have discovered many interesting security bugs in PHP applications. In order to sweeten your Christmas time, we will publish a technical description for some of these bugs in form of an advent calendar at the RIPS Technologies Blog. Each day until Christmas, a new post will uncover a new security vulnerability or provide insights into the new RIPS engine and its cool features. I hope you will enjoy the posts and I wish you all a Merry Christmas!
Open the Advent of PHP Application Vulnerabilities (APAV) calendar