About

Avatar of Björn Schotte
  • SQL injections for dummies – and how to fix them (Update)

    Well, database operations are bread-and-butter work for most PHP applications. PHP and MySQL, for example, have been like brother and sister for many years. You may have heard about "SQL injections", a bad taste from the outside world of $_GET, $_POST, $_COOKIE and the like. Everybody should know that you shouldn't pass variables from outside…

  • Detect and fix security vulnerabilities on server side within seconds.

    (See a bigger version with better quality at https://chorizo-scanner.com/flash_morcilla ) This video shows you how Morcilla, our brand new PHP extension, lets Chorizo! look inside your application on the server. We are able to hook into every PHP function and trace the payloads sent by Chorizo!. By default, Morcilla hooks into the whole MySQL function…

  • New Help Center for Chorizo!

    Go and check out Chorizo!'s new Help Center. We extended the existing tutorials and provide a smooth overview of the current documentation. Included is an overview of all the scanner plugins Chorizo! uses, explaining a bit what each plugin does. For example, if we detect SQL injection vulnerabilities in your PHP/MySQL based application,…

  • Make the download of large files with PHP (and lighty) very easy

    As you may know, our friend Jan Kneschke is the creator of lighttpd (called "lighty"), a superb open-source webserver (designed for speed and ease of use) for which we provide exclusive consulting and implementation services. Some days ago I stumbled upon an old entry from Jan's lighty blog, called "X-Sendfile". There he explains how to speed…

  • The proxy mode of Chorizo – and a sneak peek at Morcilla, Chorizo's little sister.

    Web applications nowadays use AJAX features to provide a very comfortable interface to their users. XmlHttpRequest is the technique used to pull data from the server in the background. Have you ever asked yourself how to track down security issues in your XmlHttpRequests without losing too much time? Well, Chorizo gives you the…

  • lighttpd’s mod_cml will change

    You may have read Jo's blog entry "Methods to reduce the load of your webserver by caching content: using lighttpd, MySQL UDF, LUA and speed everything up". He explained there how to use lighttpd and its mod_cml together with MySQL to provide a caching system directly at the webserver, and not at the PHP level.…

  • Stacking up the free accounts: recursive scans

    Chorizo's standard account already includes recursive scans from the current URL. This means that Chorizo! is able to follow URLs from forms etc. automatically, up to a recursion level that you can set. From now on, the free accounts also benefit from this feature, which makes it very handy to scan sites more deeply.…

  • Improving usability on the "My Chorizo" page: the host signature file

    In the spirit of Web 2.0 applications, we constantly improve Chorizo! and silently update the application with the newest features. In order to scan a host, you have to prove that you are the owner of the host by uploading a unique signature file to your host's document root. Some of our users had trouble uploading…

  • 3,500 users in 2 days. Awaiting the birth of the bloody alien sausage.

    Geez! What a week. Right after the announcements on several news tickers and websites (on heise Security German and heise Security English, an extensive German review at dynamic-webpages.de and one in French at nexen.net) on Monday, more than 3,500 users (and counting) registered at our small security sausage tool and created hundreds of thousands of security scans…