Most of the time, auditing PHP code is done manually. One need to read the code to understand it, and find flaws (security, business, quality…)
Static analysis takes over manual auditing by providing means to search all the code, without leaving a stone unturned : it still needs to do this according to direction.
During this session, we’ll cover the use an open static analysis tool, also known as cornac, that will provide us invaluable information such as : PHP 5.3 compabitility, security flaws, inclusion tree, unused variables and arguments, GPC manipulations, stange names and classes inventories.
This is the best way to take a look at one’s code with hindsight. We’ll share with the audience code metrics and must-check structures of code.