Cornac: Static Audit for PHP

Location: D137
Average rating: ***..
(3.00, 5 ratings)

Most of the time, auditing PHP code is done manually. One needs to read the code to understand it and find flaws
(security, business, quality…).

Static analysis takes over from manual auditing by providing the means to search all of the code, leaving no stone unturned;
it still needs to be given direction to do so.

During this session, we’ll cover the use of an open static analysis tool, known as cornac,
that will provide us with invaluable information such as:
PHP 5.3 compatibility, security flaws, inclusion tree, unused variables and arguments, GPC manipulations, strange names and
classes inventories.

This is the best way to take a look at one’s code with hindsight. We’ll share with the audience code metrics and must-check structures of code.


Damien Seguy

Expert Services Consultant

Damien Seguy is a LAMP consultant.

Damien coaches large teams on industrialisation and security. He works actively in the field of performance and technology studies for startups and large institutions in France. He is also co-author of several books and Zend Certifications, and phather of the elePHPant plush toy. He founded AFUP and PHP Québec.



Damien Seguy
08/17/2011 7:15pm PDT

Here :

Sorry for the delay.

Gauthier de Valensart
08/15/2011 9:22pm PDT

Is there any way to get your OSCON 2011 presentation slides?

Thank you