PHP is a leading server-side scripting language for developing dynamic web sites. Given the prevalence, PHP applications have become the common targets of attacks. One cannot rely on the programmers alone to deliver a vulnerability-free code. Automated tools can help discovering these vulnerabilities. We present PHPWander, a static vulnerability analysis tool for PHP written in PHP. As modern PHP applications are written in object-oriented manner, the tool is able to process object-oriented code as well.
| supervisors | Martin Steffen |
| IFI links | abstract, thesis |
| github | PHPWander |