Static code analysis for PHP

Static code analysis is usually performed as part of a code review (also known as white-box testing) and refers to running static code analysis tools that attempt to highlight possible vulnerabilities in 'static' (i.e. non-running) source code, using techniques such as taint analysis and data flow analysis.
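To make the taint-analysis idea concrete, here is a small added example (written for this page; it is not code from RIPS or from the thesis) that tracks user-controlled data through straight-line PHP assignments and reports where it reaches a dangerous sink without passing through a sanitizer. The lists of sources, sinks and sanitizers are assumptions chosen for the demo, the analysis is line-oriented (one statement per line, no branches or function calls), and the PHP snippet is constructed for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Assumed vocabulary for the demo; a real analyzer models far more of the PHP runtime.
SOURCES = {"$_GET", "$_POST", "$_COOKIE", "$_REQUEST"}          # user-controlled input
SINKS = {"echo": "XSS", "print": "XSS",                          # sink -> vulnerability class
         "mysql_query": "SQL injection", "system": "command injection"}
SANITIZERS = {"htmlspecialchars", "intval", "mysqli_real_escape_string"}  # treated as clean for every sink (simplification)

ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")   # $var = expr;
STMT_RE = re.compile(r"^\s*(\w+)\s*(.*?)\s*;\s*$")         # name args;   (echo $x;  /  f($x);)
VAR_RE = re.compile(r"\$\w+")                              # every $variable mentioned in an expression


@dataclass
class Finding:
    line: int
    sink: str
    kind: str
    trace: list[str]   # data-flow path from the source to the sink


def sanitized(expr: str) -> bool:
    """True when a single sanitizer call wraps the whole expression, e.g. intval($_GET['id'])."""
    expr = expr.strip()
    m = re.match(r"^(\w+)\s*\(", expr)
    if not m or m.group(1) not in SANITIZERS or not expr.endswith(")"):
        return False
    depth = 0
    start = m.end() - 1                      # index of the opening parenthesis
    for i, ch in enumerate(expr[start:], start=start):
        depth += ch == "("
        depth -= ch == ")"
        if depth == 0:
            return i == len(expr) - 1        # the call's ')' must be the last character
    return False


def taint_of(expr: str, tainted: dict[str, list[str]], lineno: int) -> list[str] | None:
    """Return the data-flow trace if expr carries tainted data, else None."""
    if sanitized(expr):
        return None
    for var in VAR_RE.findall(expr):
        if var in SOURCES:
            return [f"line {lineno}: {var} is user-controlled input"]
        if var in tainted:
            return list(tainted[var])        # propagate the recorded flow
    return None


def analyze(php_source: str) -> list[Finding]:
    tainted: dict[str, list[str]] = {}       # variable -> how taint reached it
    findings: list[Finding] = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if m:
            var, expr = m.groups()
            trace = taint_of(expr, tainted, lineno)
            if trace:
                tainted[var] = trace + [f"line {lineno}: {var} = {expr}"]
            else:
                tainted.pop(var, None)       # overwritten with clean or sanitized data
            continue
        m = STMT_RE.match(line)
        if m and m.group(1) in SINKS:
            name, arg = m.groups()
            if arg.startswith("(") and arg.endswith(")"):
                arg = arg[1:-1]
            trace = taint_of(arg, tainted, lineno)
            if trace:
                findings.append(Finding(lineno, name, SINKS[name],
                                        trace + [f"line {lineno}: {name}({arg})"]))
    return findings


# Constructed sample; expected: one XSS finding on line 6 and one SQL injection finding on line 10.
SAMPLE_PHP = "\n".join([
    "<?php",
    "$name = $_GET['name'];",                                          # line 2: source
    "$safe = htmlspecialchars($name);",                                # line 3: sanitizer breaks the flow
    "echo $safe;",                                                     # line 4: clean
    '$greeting = "Hello " . $name;',                                   # line 5: taint propagates
    "echo $greeting;",                                                 # line 6: XSS
    "$id = intval($_GET['id']);",                                      # line 7: sanitized at the source
    'mysql_query("SELECT * FROM users WHERE id = " . $id);',           # line 8: clean
    "$q = \"SELECT * FROM users WHERE name = '\" . $name . \"'\";",    # line 9: taint propagates
    "mysql_query($q);",                                                # line 10: SQL injection
    '$name = "constant";',                                             # line 11: reassigned with clean data
    "echo $name;",                                                     # line 12: clean
])


def report(php_source: str) -> str:
    lines = []
    for f in analyze(php_source):
        lines.append(f"{f.kind} via {f.sink} on line {f.line}:")
        lines.extend("    " + step for step in f.trace)
    return "\n".join(lines) or "no findings"


if __name__ == "__main__":
    print(report(SAMPLE_PHP))
```

The recorded trace is what makes such a tool useful in review: each finding names the source line, every assignment the data passed through, and the sink, so a reviewer can decide whether a missing sanitizer is the right fix or whether the flow is a false positive.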

There used to exist a free software static code analysis tool for PHP code known as RIPS, but it was abandoned (as free software) in March 2015, and the rewritten and updated version is AFAIK only available as SaaS (I haven't found any pricing information).

The thesis entails reviewing the field of static code analysis in the context of PHP and evaluating, and if possible resurrecting, the free software version of RIPS, or designing and implementing a static code analysis tool suite for PHP based on other components.

Keywords: Free Software, PHP, security
Published 14 Aug 2018 10:08 - Last modified 14 Aug 2018 10:08


Scope (credits)