Weverca – Web verification for PHP


David Hauzar david.hauzar<at-sign>d3s.mff.cuni.cz
Jan Kofroň jan.kofron<at-sign>d3s.mff.cuni.cz
Pavel Bašteckýanebril<at-sign>seznam.cz
Matyáš Brennermatyas.brenner<at-sign>post.cz
Marcel Kiktamaki007<at-sign>gmail.com
David Škorvagadave-skorvaga<at-sign>seznam.cz
Miroslav Vodolánmiravod<at-sign>centrum.cz
Natália Tyrpákovánatalia.tyrpakova<at-sign>gmail.com


Weverca is a static analysis framework for web applications written in PHP. The aim of the framework is to allow easy specification of precise static analyses. The framework has been used to develop a tool for securing web applications by reporting suspicious code constructs and commands.

Live demo

You can try out our tool via a web interface here (frequently updated developer build): http://perun.ms.mff.cuni.cz/weverca


Framework and tool

Source codes, version 20150804

Binary distribution, version 20150528 (requires .NET 4.5+ or Mono 3+)

User documentation

Programmer documentation

Eclipse plugin

Update site, version 20140829 (requires framework, version 20140829)

User documentation

Programmer documentation

Student projects

We offer bachelor and master thesis focusing on PHP verification. This includes:

  • Searching for security holes in wide-spread PHP frameworks, such as WordPress and Drupal.
  • Implementation of new techniques and algorithm for PHP analysis.
  • Implementation of new optimizations to existing algorithms.
  • Any related work of student interest.

If interested, please drop an email to jan.kofron (at) d3s.mff.cuni.cz or come to the office 309, Mala Strana.

Logo of Faculty of Mathematics and Physics
  • Phone: +420 951 554 267, +420 951 554 236
  • Email: info<at-sign>d3s.mff.cuni.cz
  • How to find us?
Modified on 2016-02-17