David Hauzar (david.hauzar<at-sign>
Jan Kofroň (jan.kofron<at-sign>
Pavel Baštecký (anebril<at-sign>
Matyáš Brenner (matyas.brenner<at-sign>
Marcel Kikta (maki007<at-sign>
David Škorvaga (dave-skorvaga<at-sign>
Miroslav Vodolán (miravod<at-sign>
Natália Tyrpáková (natalia.tyrpakova<at-sign>


Weverca is a static analysis framework for web applications written in PHP. The aim of the framework is to allow easy specification of precise static analyses. The framework has been used to develop a tool for securing web applications by reporting suspicious code constructs and commands.

Live demo

You can try out our tool via a web interface here (frequently updated developer build):

Student projects

We offer bachelor and master thesis focusing on PHP verification. This includes:

  • Searching for security holes in wide-spread PHP frameworks, such as WordPress and Drupal.
  • Implementation of new techniques and algorithm for PHP analysis.
  • Implementation of new optimizations to existing algorithms.
  • Any related work of student interest.

If interested, please drop an email to jan.kofron (at) or come to the office 309, Mala Strana.

Weverca sources cen be found at github: