PHP Static Analysis

My Master's project was started in 2009 under the supervision of Frank Brokken, head of IT security at the University of Groningen. The goal was to assess the feasibility of using static code analysis to perform automated security audits of web application software before it is deployed on a web server. The motive for this project was a recent attack on one of the University's web servers, caused by unsafe PHP code that one of its users had deployed. Over time, the project evolved into research on static analysis in general and the difficulties of performing it on PHP code specifically, as well as a meta-analysis of existing PHP static analysis solutions and a benchmark of their performance.

The full Master's thesis can be downloaded here:
Automated Security Review of PHP Web Applications with Static Code Analysis

The LaTeX sources of the above thesis, along with other artifacts from my research, are available on Bitbucket:

portfolio/phpscabench.txt · Last modified: 2015/10/21 16:30 (external edit)