RIPS
RIPS is a static code analysis tool that automatically detects taint-style vulnerabilities in PHP applications. It is written in PHP and was released during the Month of PHP Security [http://www.php-security.org/2010/05/24/mops-submission-09-rips-a-static-source-code-analyser-for-vulnerabilities-in-php-scripts/index.html] in May 2010 as open source software. [http://sourceforge.net/projects/rips-scanner/]

== Analysis ==

RIPS tokenizes PHP code (lexical analysis) based on PHP's tokenizer extension and performs semantic analysis to build a program model. Based on previously analyzed variable assignments, it performs backwards-directed inter-procedural taint analysis of sensitive sinks.

RIPS's strength is its ability to scan PHP applications very quickly for PHP-specific vulnerabilities. Its weakness is a rather high number of false positives, because it does not use an abstract syntax tree or control flow graph. The lack of support for object-oriented PHP code can lead to false negatives.
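The following is an added illustration of the technique described above, not code from RIPS: a token-based, backwards-directed taint trace built on PHP's `token_get_all()`. The function names (`statements`, `tainted`, `scan`), the source, sink and sanitizer lists, and the sample script are assumptions constructed for this example, and the trace is intra-procedural only.

```php
<?php
// Added illustration, not RIPS code; lists and sample script are constructed.
const SOURCES    = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];
const SINKS      = ['mysql_query', 'system', 'exec'];
const SANITIZERS = ['intval', 'escapeshellarg', 'mysql_real_escape_string'];
// Lexical analysis: split the token stream into statements at ; { }.
function statements(string $code): array {
    $stmts = [[]];
    foreach (token_get_all($code) as $t) {
        $t = is_array($t) ? $t : [null, $t, 0];   // normalise one-char tokens
        if (in_array($t[0], [T_WHITESPACE, T_COMMENT, T_OPEN_TAG], true)) continue;
        if ($t[0] === null && in_array($t[1], [';', '{', '}'], true)) { $stmts[] = []; continue; }
        $stmts[count($stmts) - 1][] = $t;
    }
    return $stmts;
}
// Backwards-directed trace: does any variable in $tokens lead to a source?
function tainted(array $tokens, array $stmts, int $before): bool {
    if (array_intersect(array_column($tokens, 1), SANITIZERS)) return false; // coarse
    foreach ($tokens as [$id, $text]) {
        if ($id !== T_VARIABLE) continue;
        if (in_array($text, SOURCES, true)) return true;
        for ($j = $before - 1; $j >= 0; $j--) {   // nearest earlier "$var = ..."
            $s = $stmts[$j];
            if (count($s) > 2 && $s[0][1] === $text && $s[1][1] === '=') {
                if (tainted(array_slice($s, 2), $stmts, $j)) return true;
                break;
            }
        }
    }
    return false;
}
// Start at each sensitive sink and trace its arguments backwards.
function scan(string $code): array {
    $stmts = statements($code); $found = [];
    foreach ($stmts as $i => $s) {
        foreach ($s as $k => [$id, $text, $line]) {
            $hit = $id === T_STRING && in_array($text, SINKS, true);
            if ($hit && tainted(array_slice($s, $k + 1), $stmts, $i)) $found[] = "$text on line $line";
        }
    }
    return $found;
}
$sample = <<<'CODE'
<?php $id = $_GET['id']; mysql_query("SELECT $id");
$n = intval($_GET['n']); mysql_query("SELECT $n");
$c = $_GET['c']; if (!ctype_digit($c)) { exit; } mysql_query("SELECT $c");
CODE;
print_r(scan($sample));
```

The query on the third sample line is reported even though the `ctype_digit()` guard exits on non-numeric input: with no control flow graph the trace cannot see the guard, which is the false-positive weakness noted above.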
Excerpt source: the free encyclopedia Wikipedia.