Weverca is a static analysis framework for web applications written in PHP. The aim of the framework is to allow easy specification of precise static analyses. The framework has been used to develop a tool for securing web applications by reporting suspicious code constructs and commands.

Student projects

We offer bachelor's and master's theses focusing on PHP verification. These include:

If interested, please send an email to jan.kofron (at) d3s.mff.cuni.cz or come to office 309, Mala Strana.

D. Hauzar, J. Kofroň:
Framework for Static Analysis of PHP Applications, in Proceedings of ECOOP 2015, pp. 689–711, 2015
ISBN: 978-3-939897-86-6, DOI: 10.4230/LIPIcs.ECOOP.2015.689
D. Hauzar, J. Kofroň, P. Baštecký:
Data-flow Analysis of Programs with Associative Arrays, in Proceedings of ESSS 2014, 2014
DOI: 10.4204/EPTCS.150.6
D. Hauzar, J. Kofroň:
WeVerca: Web Applications Verification for PHP, in Proceedings of SEFM 2014, pp. 296–301, 2014
ISBN: 978-3-319-10430-0, DOI: 10.1007/978-3-319-10431-7_24
D. Hauzar, J. Kofroň:
On Security Analysis of PHP Web Applications, in Proceedings of STPSA 2012, pp. 577–582, 2012
ISBN: 978-1-4673-2714-5, DOI: 10.1109/COMPSACW.2012.106
D. Hauzar, J. Kofroň:
Hunting Bugs Inside Web Applications, Technical report no. 2011-26, Department of Informatics, KIT, 2011