
ThinkPHP Blog:
Understanding successful tracing of security vulnerabilities
Sep 21, 2006 @ 07:34:33

In this new post on the ThinkPHP blog, there's more talk about their Chorizo! security scanner and how, with a little help from their Morcilla product, you can find problems easily. Now, interpreting them is another matter, so they show you a simple way to determine just what went wrong.

Sometimes it's not very easy to check if a vulnerability occurred where Morcilla told you it occurred. In order to pinpoint this issue, it is necessary that you get a deeper look into the call stack of all the functions that were involved in calling the SQL abstraction layer.

They include a screenshot of how the functionality will (in the upcoming version) work in the case of a MySQL SQL injection problem.

tagged: vulnerabilities security chorizo morcilla trace screenshot sql injection


ThinkPHP Blog:
SQL injections for dummies - and how to fix them
Sep 15, 2006 @ 07:38:15

On the ThinkPHP Blog, there's a look at how to handle SQL injections, including a video showing how their product, Chorizo!, handles their discovery in your application.

Well, database operations are bread-and-butter work for most PHP applications. PHP and MySQL, for example, have been like brother and sister for many years. You may have heard about "SQL injections", a bad taste from the outside world of $_GET, $_POST, $_COOKIE and the like.

They mention the obvious - not accepting unfiltered input from users - and how the Chorizo! and Morcilla software work to identify and combat them in an application. You can even check out a Flash video of the process you'd need to take.

tagged: sql injection chorizo morcilla scanner security input filter


ThinkPHP Blog:
Detect and fix security vulnerabilities on server side within seconds
Sep 07, 2006 @ 07:12:27

From the group that brings you Chorizo! and Morcilla, the latest in PHP security tools, is a video showing how to find and correct the issues that your script might have on the server side (with the help of Morcilla).

This video shows you how Morcilla, our brand new PHP extension, lets Chorizo! have a look inside your application on the server.

We are able to hook into every PHP function and trace the payloads of Chorizo!. By default, Morcilla hooks into the whole MySQL function family, fopen, mail, include/require/include_once/require_once, preg_* and others. With a ZendEngine patch, we are able to trace unset variables and a lot more.

The video (basically a screen capture of the process) is a bit hard to read in the smaller version, so it's recommended to view the larger size if you want to see the options. It's interesting, though, to see how it picks out the errors and tells what they are and where you can go to fix them (like a file inclusion issue, as they demonstrate).

tagged: chorizo security scanner morcilla serverside video example


Link:

ThinkPHP Blog:
New Help Center for Chorizo!
Aug 29, 2006 @ 07:57:23

On the ThinkPHP Blog, there's information posted about a new help center for their Chorizo! scanner with lots of information included already.

Go and check out Chorizo!'s new Help Center. We extended the existing tutorials and provide a smooth overview of the current documentation. Included is an overview of all the scanner plugins Chorizo! is using, which explains a bit what each plugin does.

There are "Getting Started" guides offered, video tutorials, details on each of the plugins (PHPversions, XSS plugin, Session injection, etc), some of the features of the scanner, and some general troubleshooting information.

tagged: help center chorizo scanner security free plugin video getting started


ThinkPHP Blog:
Improving Usability on "My Chorizo" page: the host signature file
Jul 31, 2006 @ 05:59:21

The guys over at the ThinkPHP blog are already improving their Chorizo security scanner software with refreshed usability for their "My Chorizo" page inside the utility.

In the spirit of Web 2.0 applications, we constantly improve Chorizo! and silently update the application with the newest features. In order to scan a host, you have to prove that you are the owner of the host by uploading a unique signature file to your host's document root. Some of our users had trouble uploading it into the docroot; some accidentally put it into the wrong directory.

Their enhancement makes it easy to tell at a glance which hosts have their signature files in place and which don't.

tagged: chorizo web scanner usability update signature
