(See bigger version with better quality at https://chorizo-scanner.com/flash_morcilla )
This video shows you how Morcilla, our brand new PHP extension, lets Chorizo! have a look inside your application on the server.
We are able to hook into every PHP function and trace the payloads of Chorizo!. By default, Morcilla hooks into the whole MySQL function family, fopen, mail, include/require/include_once/require_once, preg_* and others. With a ZendEngine patch, we are able to trace unset variables and a lot more.
Garvin Hicking from the s9y weblog project says:
"Chorizo features a large ruleset for virtually all 'usual suspects' of
web application security issues. Being able to run background checks
while developing an application is an immense timesaver – especially for
open-source developers like me, who are already swamped with support and
bugfixing, we can now enjoy discovering possible security issues while