David Hauzar (david.hauzar<at-sign>d3s.mff.cuni.cz)
Jan Kofroň (jan.kofron<at-sign>d3s.mff.cuni.cz)
Pavel Baštecký (anebril<at-sign>seznam.cz)
Matyáš Brenner (matyas.brenner<at-sign>post.cz)
Marcel Kikta (maki007<at-sign>gmail.com)
David Škorvaga (dave-skorvaga<at-sign>seznam.cz)
Miroslav Vodolán (miravod<at-sign>centrum.cz)
Natália Tyrpáková (natalia.tyrpakova<at-sign>gmail.com)


Weverca is a static analysis framework for web applications written in PHP. The aim of the framework is to allow easy specification of precise static analyses. The framework has been used to develop a tool for securing web applications by reporting suspicious code constructs and commands.

Live demo

You can try out our tool via a web interface here (frequently updated developer build): http://perun.ms.mff.cuni.cz/weverca

Student projects

We offer bachelor and master thesis focusing on PHP verification. This includes:

  • Searching for security holes in wide-spread PHP frameworks, such as WordPress and Drupal.
  • Implementation of new techniques and algorithm for PHP analysis.
  • Implementation of new optimizations to existing algorithms.
  • Any related work of student interest.

If interested, please drop an email to jan.kofron (at) d3s.mff.cuni.cz or come to the office 309, Mala Strana.

Weverca sources cen be found at github: https://github.com/d3sformal/weverca.