There are so many automatic tools for PHP code review that I almost forgot how to do it manually.
Looking forward to preparing a hands-on manual for PHP code review, looking for known, less known or possibly unknown (?) code vulnerabilities.
upd1: Oh! Looks like I am not the only one thinking about going back to basics. Ryan Dewhurst from InfoSec – “Finding Security Vulnerabilities in PHP Using Grep”
Upd2: Now, when I look at it, there is some previous work done, but as usual – when someone starts to make a review of what to look for and how to look – someone points him to an automatic tool that “does the job”, like RIPS, and there it stops. Major result – fewer and fewer people who know what exactly they are looking for, and, more interestingly, what they miss. )
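A minimal grep-driven first pass of the kind the update refers to, added here as an illustration (it is not the author's code and is not taken from the referenced article); the sink and source lists and the sample PHP file are constructed assumptions, and every hit still has to be read by hand:

```shell
#!/bin/sh
# Added illustration of a grep-driven first pass over PHP source, in the
# "back to basics" spirit of the post. Not the author's code and not taken
# from the referenced article; the sink/source lists are assumptions and the
# sample file below is constructed for the demo.

# Write a small constructed PHP file to the given path (no real project code).
make_sample() {
  cat > "$1" <<'EOF'
<?php
$page = $_GET['page'];
include($page . ".php");
$out = shell_exec("ls " . $_POST['dir']);
eval($_REQUEST['code']);
echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
$id = (int) $_GET['id'];
EOF
}

# Sinks (assumed list): functions that execute code, run commands, include
# files or deserialize data. Only calls whose argument list contains a '$'
# (a variable, not just a string literal) are reported.
SINKS='eval|assert|system|exec|shell_exec|passthru|popen|proc_open|include|include_once|require|require_once|unserialize|create_function'

# Print "line:code" for every sink call fed with a variable.
find_sinks() {
  grep -nE '(^|[^[:alnum:]_])('"$SINKS"')[[:space:]]*\([^)]*\$' "$1"
}

# Print every line that reads untrusted input from a PHP superglobal.
find_sources() {
  grep -nE '\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)' "$1"
}

# Counts, so a reviewer can track hits. Note that the htmlspecialchars and
# (int) lines in the sample are source hits that turn out to be handled;
# deciding that is the manual part grep cannot do.
count_sinks()   { find_sinks "$1"   | wc -l | tr -d ' '; }
count_sources() { find_sources "$1" | wc -l | tr -d ' '; }

# Run the pass on the constructed sample.
main() {
  f="${TMPDIR:-/tmp}/phpreview_sample.$$.php"
  make_sample "$f"
  echo "== sinks fed with variables =="
  find_sinks "$f"
  echo "== superglobal reads =="
  find_sources "$f"
  echo "sinks: $(count_sinks "$f"), sources: $(count_sources "$f")"
  rm -f "$f"
}

main "$@"
```

Point `find_sinks` and `find_sources` at a real tree with `find . -name '*.php' -exec sh -c '...' \;` or a loop, then walk from each source to each sink by hand; the value of the pass is the list of places to read, not the count.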
p.s. Actually, when you look at the code itself, it goes beyond language borders and differences. Already found a few articles in Arabic with code examples, one Chinese forum with bright ideas (in open access and Google-indexed; I am sure there are many more) and a lot of Russian articles (those I still remember )