How To Review PHP Code for Vulnerabilities

This document will, when completed, be intended to help PHP developers learn to review code for security issues, and to help experienced code reviewers evaluate PHP applications faster, better, and more repeatably.

My preferences favor open source software. As far as IDEs go, I have found Eclipse to be a very powerful code review tool. I’ve started documenting the process of configuring and using it, in a task-focused way, to assist the reviewer in performing common code review activities.

The page linked below will be regularly updated as I write more, and as I incorporate suggestions from others. It will probably finally reside on a Mozilla Developer Network page.

If you can suggest changes or additions to the doc above, please comment below. Thanks!