Kategorie: Chorizo
-
Web2.0 Security: Warum im Web2.0 Gefahren lauern
Aus dem Symantec Internet Security Threat Report: 69% aller Vulnerabilities passieren in Webapplikationen. Die Mitre Corporation CVE Datenbank bestätigt: 21,5% aller Lücken sind XSS Lücken. Johann-Peter Hartmann, CTO Mayflower GmbH, zeigte auf der AJAX in Action in Frankfurt dieser Woche, warum insbesondere Web2.0 und XSS besonders weh tun: bis zu 100% der üblichen MVC (Model,…
-
Understanding successful tracing of security vulnerabilities
Web applications can easily become very complex. Several hundreds of thousands of lines of code (no HTML templates!) is usual at larger corporate solutions. This also means that your PHP applications follows the standards like object oriented programming, nested classes etc. When it comes down to detect security vulnerabilities, a lot of tools are available.…
-
SQL injections for dummies – and how to fix them (Update)
Well, database operations are bread-and-butter work for most PHP applications. PHP and MySQL, for example, have been like brother and sister for many years. You may have heard about „SQL injections“, a bad taste from the outside world of $_GET, $_POST, $_COOKIE and the like. Everybody should know that you shouldn’t pass variables from outside…
-
New Help Center for Chorizo!
von
in ChorizoGo and check out Chorizo!’s new Help Center. We extended the existing tutorials and provide a smooth overview about the current documentation. Included is an overview about all the scanner plugins Chorizo! is using and explain a bit what each plugin does. For example, if we detect SQL injection vulnerabilities in your PHP/MySQL based application,…
-
The proxy mode of Chorizo – and a sneak peak to Morcilla, Chorizo’s little sister.
Web applications nowadays use AJAX features to provide a very comfortable interface to their users. XmlHttpRequest is the technique that is used to pull data from the server in the background. Have you ever asked yourself how to track down security issues in your XmlHttpRequests without losing too much time? Well, Chorizo gives you the…
-
Stacking up the free accounts: recursive scans
Chorizo’s standard account already contains recursive scans from the current URL. This means that Chorizo! is able to follow URLs from forms etc. automatically until a recursive level that you are able to set. From now on, the free accounts also benefit from this feature which makes it very handy to scan sites more deeply.…
-
Improving Usability on „My Chorizo“ page: the host signature file
von
in ChorizoIn the spirit of Web2.0 applications, we constantly improve Chorizo! and silently update the application with the newest features. In order to scan a host, you have to prove that you are the owner of the host by uploading a unique signature file to your host’s document root. Some of our users had trouble uploading…
-
3,500 users in 2 days. Awaiting the birth of the bloody alien sausage.
Geez! What a week. Right after the announces at several newstickers and websites (on heise security German and heise Security English, an extensive German review at dynamic-webpages.de and one in French at nexen.net) on Monday, more than 3,500 users (and counting) registered at our small security sausage tool and created hundreds of thousands security scans…