1

PHP STATIC CODE ANALISYSBelakhdar Abdeldjalil

2

Show the code

● Simple php script● Few pages● Few code lines

3

Find the bug

Try to find it manually ?

4

Are there better ways to do it ?

5

Find the bug

How about grep ?

6

Are there better way to do it ?

7

Find the bug

How about Php tokenizer ?

8

Find the bug

Rips is in the party

9

Find the bug

Rips and taint analysis

10

Find the bug

Php tokenizer in action with Rips

11

Demo

Try rips on rips

12

Demo

Try rips on wordpress plugins

13

Demo

Try rips on yii app

14

Demo

Rips is not the miracle answer

15

In the end

● Php tokenizer is a big help● Rips make it easier● Not the best way for object oriented (mvc) project

16

Thanks

17

Questions Now ?

Or later by email riemann@opendz.org