Web applications nowadays use AJAX features to provide a very comfortable interface to their users. XMLHttpRequest is the technique used to pull data from the server in the background.
Have you ever asked yourself how to track down security issues in your XMLHttpRequests without losing too much time? Well, Chorizo! gives you the answer: the proxy mode. By using Chorizo! in this (preferred) mode, you can ensure that every request your application makes (whether it is an XMLHttpRequest call or a Flash client that pulls data from a PHP script in the background) will be tracked by Chorizo! and thus scanned for security flaws.
It might be interesting to note that the proxy itself was written in PHP :-) We measured that it can perform up to 100 scans/second. To protect your server against a DoS attack ;-), we implemented a heuristic that automatically reduces the number of parallel scans if the server doesn’t respond fast enough.
If you want to give it a try, here’s a sneak peek (screenshots!) at Morcilla, our upcoming server-side PHP extension, which will only be available in the commercial accounts.