diff --git a/.gitignore b/.gitignore index c03821a..f0da555 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,8 @@ /vendor/ .php-cs-fixer.cache .php-cs-fixer.php +.phpmd.result-cache.php +.phpmd.xml composer.lock phpcs.xml phpdoc.xml diff --git a/.phpmd.dist.xml b/.phpmd.dist.xml new file mode 100644 index 0000000..9db2b4f --- /dev/null +++ b/.phpmd.dist.xml @@ -0,0 +1,29 @@ + + + + Open Culture Consulting follows PHP Mess Detector standards. + + + + + + + + + + + + + + + + + + + diff --git a/README.md b/README.md index bd9baa2..432a14c 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ The PHP Standard Recommendation PSR-15 defines interfaces for server request handlers and proposes a queue-based implementation using different middlewares for processing requests and preparing responses. This package follows those guidelines and provides a [HTTP server request handler](src/QueueRequestHandler.php) implementation using a [middleware queue](src/MiddlewareQueue.php). It also contains an [abstract class for middlewares](src/AbstractMiddleware.php) to ease the process of writing your own middleware, but you can just as well use any middleware that implements `Psr\Http\Server\MiddlewareInterface` specified by PSR-15 (e.g. from the awesome [PSR-15 HTTP Middlewares](https://github.com/middlewares) project). -All components of this package follow the highest coding standards of [PHPStan](https://phpstan.org/) and [Psalm](https://psalm.dev/), and comply to [PSR-12](https://www.php-fig.org/psr/psr-12/) code style guidelines to make sure they can be combined and easily used in other projects. +All components of this package follow the highest coding standards of [PHPStan](https://phpstan.org/), [Psalm](https://psalm.dev/), [PHP Mess Detector](https://phpmd.org/), [PHP_CodeSniffer](https://github.com/PHPCSStandards/PHP_CodeSniffer/), and comply to [PSR-12](https://www.php-fig.org/psr/psr-12/) code style guidelines to make sure they can be combined and easily used in other projects. ## Quick Start diff --git a/composer.json b/composer.json index f670807..1da018b 100644 --- a/composer.json +++ b/composer.json @@ -38,6 +38,7 @@ "require-dev": { "phpdocumentor/shim": "^3.5", "phpstan/phpstan": "^1.11", + "phpmd/phpmd": "^2.15", "phpstan/phpstan-strict-rules": "^1.6", "friendsofphp/php-cs-fixer": "^3.59", "squizlabs/php_codesniffer": "^3.10", 
@@ -70,11 +71,18 @@
 "phpdoc:build": [
 "@php vendor/bin/phpdoc"
 ],
+ "phpmd:check": [
+ "@php -r \"if (!file_exists('./.phpmd.xml')) { copy('./.phpmd.dist.xml', './.phpmd.xml'); }\"",
+ "@php vendor/bin/phpmd src/ ansi .phpmd.xml --cache --ignore-violations-on-exit"
+ ],
 "phpstan:check": [
 "@php vendor/bin/phpstan"
 ],
 "psalm:check": [
 "@php vendor/bin/psalm"
+ ],
+ "psalm:check-security": [
+ "@php vendor/bin/psalm --taint-analysis"
 ]
 },
 "scripts-descriptions": {
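Review bot: The `phpmd:check` script passes `--ignore-violations-on-exit`, so it exits successfully even when PHPMD reports violations and cannot gate a CI job or a pre-commit hook; if the check is meant to enforce the ruleset, drop that flag, i.e. `"@php vendor/bin/phpmd src/ ansi .phpmd.xml --cache"`. For `psalm:check-security`, `--taint-analysis` only reports flows that start at sources Psalm knows about (by default the request superglobals, as far as I know), so in a PSR-15 package where input arrives through `ServerRequestInterface` a clean run says little unless those accessors are marked with `@psalm-taint-source` or covered by stubs. It would help to state that limitation next to the script so a green result is not read as a security sign-off.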
@@ -82,7 +90,9 @@
 "php-cs-fixer:fix": "Runs a code check with PHP Coding Standards Fixer and tries to fix all issues. If a custom configuration file '.php-cs-fixer.php' exists, it will be used instead of the default settings in '.php-cs-fixer.dist.php'.",
 "phpcs:check": "Runs a code check with PHP_CodeSniffer and reports problems. If a custom configuration file '.phpcs.xml' exists, it will be used instead of the default settings in '.phpcs.xml.dist'.",
 "phpdoc:build": "Builds the documentation from source files in ./src and additional templates in .phpdoc/. If a custom configuration file 'phpdoc.xml' exists, it will be used instead of the default settings in 'phpdoc.dist.xml'.",
+ "phpmd:check": "Runs a code check with PHP Mess Detector static code analyzer and reports problems. If a custom configuration file '.phpmd.xml' exists, it will be used instead of the default settings in '.phpmd.dist.xml'.",
 "phpstan:check": "Runs a code check with PHPStan static code analyzer and reports problems. If a custom configuration file 'phpstan.neon' exists, it will be used instead of the default settings in 'phpstan.dist.neon'.",
- "psalm:check": "Runs a code check with Psalm static code analyzer and reports problems. If a custom configuration file 'psalm.xml' exists, it will be used instead of the default settings in 'psalm.xml.dist'."
+ "psalm:check": "Runs a code check with Psalm static code analyzer and reports problems. If a custom configuration file 'psalm.xml' exists, it will be used instead of the default settings in 'psalm.xml.dist'.",
+ "psalm:check-security": "Runs a code check with Psalm static code analyzer and reports security issues. If a custom configuration file 'psalm.xml' exists, it will be used instead of the default settings in 'psalm.xml.dist'."
 }
 }
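Review bot: The `phpmd:check` description does not match what the script does: the script in the previous hunk copies `.phpmd.dist.xml` to `.phpmd.xml` on the first run, so from then on a "custom" file always exists and later changes to the default ruleset are silently shadowed by the git-ignored local copy. The description should say so, for example `Creates '.phpmd.xml' from '.phpmd.dist.xml' on first run; delete it to pick up changes to the default ruleset.` It should also mention that the script does not fail when violations are found, because of `--ignore-violations-on-exit`. The `psalm:check-security` text would be more accurate if it said "taint analysis" rather than "security issues", since that is the only class of finding the flag enables.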