I am interested in doing some static analysis on a PHP codebase to detect security issues beyond greping every $_POST, $_REQUEST etc and manually checking to see that they are handled properly.

Any stock BT5 tools to do this and if not any tool recommendations?