We think it’s time to commoditize PHP web application security. You may have heard of Chorizo!. We’re proud to announce that from now on it’s possible to register for a free account on chorizo-scanner.com.
With this free account, it’s possible to use the Chorizo! application service as a proxy and scan 1 host. All scan data is encrypted, and your data is visible only to you. There are also some valuable help documents available that explain the whole process, from registering to uploading the signature file onto your host and analyzing the results. Please note: as Chorizo! is an application service, you can only scan hosts of yours that are publicly available or whose firewall has the chorizo-scanner.com IP configured. For those of you who want to scan non-public websites, there will be a solution soon.
Furthermore, there’s an enhanced commercial version available which includes the Advisor (a guide that explains what issue was found and exactly how to solve it), a detailed report analyzer and a PDF export of the reports for maximizing development productivity.
We think that everyone should be able to find common security bugs like XSS (especially with today’s Web 2.0 applications), SQL injection (e.g. in MySQL queries), remote code inclusion/execution, session injection, PHP vulnerabilities and the like. As Chorizo! is based on a plugin architecture, it is likely that we’ll add more and more plugins for detecting new vulnerabilities.
If you have any questions, feel free to e-mail us at: chorizo at mayflower dot de