Weverca is a static analysis framework for web applications written in PHP. The aim of the framework is to allow easy specification of precise static analyses. The framework has been used to develop a tool for securing web applications by reporting suspicious code constructs and commands.

Live demo

You can try out our tool via a web interface here (frequently updated developer build): http://perun.ms.mff.cuni.cz/weverca

Student projects

We offer bachelor's and master's theses focusing on PHP verification. These include:

If interested, please send an email to jan.kofron (at) d3s.mff.cuni.cz or come to office 309, Mala Strana.

David Hauzar, Jan Kofroň:
Framework for Static Analysis of PHP Applications, in Proceedings of ECOOP 2015, ISBN: 978-3-939897-86-6, pp. 689–711
DOI: 10.4230/LIPIcs.ECOOP.2015.689, 2015

David Hauzar, Jan Kofroň, Pavel Baštecký:
Data-flow Analysis of Programs with Associative Arrays, in Proceedings of ESSS 2014
DOI: 10.4204/EPTCS.150.6, 2014

David Hauzar, Jan Kofroň:
WeVerca: Web Applications Verification for PHP, in Proceedings of SEFM 2014, ISBN: 978-3-319-10430-0, pp. 296–301
DOI: 10.1007/978-3-319-10431-7_24, 2014

David Hauzar, Jan Kofroň:
On Security Analysis of PHP Web Applications, in Proceedings of STPSA 2012, ISBN: 978-1-4673-2714-5, pp. 577–582
DOI: 10.1109/COMPSACW.2012.106, 2012

David Hauzar, Jan Kofroň:
Hunting Bugs Inside Web Applications, Technical report no. 2011-26, Department of Informatics, KIT, 2011