Bohuslav Šimek

Taint checking in PHP: what do you really send into your database?

May 28, 2021

Despite the advent of frameworks and other security techniques, SQL injection and XSS still remain among the most common sources of vulnerabilities in web applications. Any variable that can be modified by an outside user is a potential security risk. But can't we simply track which variables were provided by the user and monitor whether they reach the database or the client without proper treatment? This is the idea behind so-called taint checking. In this talk we will discover together how to use taint checking in PHP, how to configure the tools properly, and how to evaluate the results of the checks.
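To make the idea concrete, here is a small runtime model of taint checking written for this page; it is an added illustration, not code from the talk, its slides, or any of the PHP taint-analysis tools the talk may cover (those typically work statically, on the source code). It assumes nothing beyond PHP 8.1: the `Tainted` wrapper, the `concat` propagation helper, the two sinks and the `$request` array standing in for `$_GET` are all constructed for the example. User input is marked at the source, the mark survives string concatenation, and each sink refuses marked data unless it arrived through the sanitizer appropriate for that sink (a bound parameter for SQL, HTML escaping for output). Note that the check fires on the data flow alone, regardless of what the input looks like; that is what distinguishes taint checking from pattern matching on suspicious strings.

```php
<?php
declare(strict_types=1);

// Illustration of taint checking (added example, not from the talk):
// sources mark data as untrusted, propagation keeps the mark, sinks reject it.

final class Tainted
{
    public function __construct(public readonly string $value, public readonly string $source) {}
}

final class TaintViolation extends RuntimeException {}

// Source: anything read from the request is untrusted.
// $request is a constructed stand-in for $_GET.
function fromRequest(array $request, string $key): Tainted
{
    return new Tainted((string) ($request[$key] ?? ''), "request[$key]");
}

// Propagation: concatenating with a Tainted value yields a Tainted value.
function concat(string|Tainted ...$parts): string|Tainted
{
    $text = '';
    $sources = [];
    foreach ($parts as $part) {
        if ($part instanceof Tainted) {
            $text .= $part->value;
            $sources[] = $part->source;
        } else {
            $text .= $part;
        }
    }
    return $sources ? new Tainted($text, implode(',', $sources)) : $text;
}

// Sanitizer for the HTML sink: escaping clears the mark for that sink only.
function escapeHtml(string|Tainted $v): string
{
    $raw = $v instanceof Tainted ? $v->value : $v;
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Sink 1: SQL. The statement text must be untainted; user data travels in
// $params, which a driver binds separately instead of splicing into the SQL.
function runQuery(string|Tainted $sql, array $params = []): string
{
    if ($sql instanceof Tainted) {
        throw new TaintViolation("data from {$sql->source} reached the SQL sink: {$sql->value}");
    }
    // A real application would do $pdo->prepare($sql)->execute($params) here.
    return "OK: prepared [$sql] with params " . json_encode($params);
}

// Sink 2: HTML output sent to the client.
function renderHtml(string|Tainted $html): string
{
    if ($html instanceof Tainted) {
        throw new TaintViolation("data from {$html->source} reached the HTML sink: {$html->value}");
    }
    return "OK: rendered [$html]";
}

// Constructed request. The values are harmless on purpose: the checks below
// fire on the flow of untrusted data, not on its content.
$request = ['id' => '42', 'name' => 'Ada <b>Lovelace</b>'];
$id = fromRequest($request, 'id');
$name = fromRequest($request, 'name');

$cases = [
    'SQL via concatenation'   => fn() => runQuery(concat('SELECT * FROM users WHERE id = ', $id)),
    'SQL via bound parameter' => fn() => runQuery('SELECT * FROM users WHERE id = ?', [$id->value]),
    'HTML unescaped'          => fn() => renderHtml(concat('<p>Hello ', $name, '</p>')),
    'HTML escaped'            => fn() => renderHtml(concat('<p>Hello ', escapeHtml($name), '</p>')),
];

foreach ($cases as $label => $run) {
    try {
        echo "$label: ", $run(), PHP_EOL;
    } catch (TaintViolation $e) {
        echo "$label: FLAGGED - ", $e->getMessage(), PHP_EOL;
    }
}
```

Run with `php taint_demo.php`: the two concatenation cases are flagged, the bound-parameter and escaped cases pass. Static taint analysers apply the same source, propagation and sink reasoning to the code itself, which is why their configuration (which functions count as sanitizers, which as sinks) matters as much as the analysis.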

Link to Google slides