(See a larger, higher-quality version at https://chorizo-scanner.com/flash_morcilla )
This video shows you how Morcilla, our brand new PHP extension, lets Chorizo! have a look inside your application on the server.
We are able to hook into every PHP function and trace the payloads of Chorizo!. By default, Morcilla hooks into the whole MySQL function family, fopen, mail, include/require/include_once/require_once, preg_* and others. With a ZendEngine patch, we are able to trace unset variables and a lot more.
Watch the video to see how it works (Google Video, YouTube). Check out the plugin help page. And finally, register for the Standard Version, which includes Morcilla at no extra cost.
Garvin Hicking from the s9y weblog project says:
“Chorizo features a large ruleset for virtually all ‘usual suspects’ of
web application security issues. Being able to run background checks
while developing an application is an immense timesaver – especially for
open-source developers like me, who are already swamped with support and
bugfixing, we can now enjoy discovering possible security issues while