
Think-PHP Blog:
Detect and fix security vulnerabilities on server side within seconds
September 07, 2006 @ 07:12:27

The group behind Chorizo! and Morcilla, the latest in PHP security tools, has posted a video showing how to find and correct the issues that your script might have on the server side (with the help of Morcilla).

This video shows you how Morcilla, our brand new PHP extension, lets Chorizo! have a look inside your application on the server.

We are able to hook into every PHP function and trace the payloads of Chorizo!. By default, Morcilla hooks into the whole MySQL function family, fopen, mail, include/require/include_once/require_once, preg_* and others. With a ZendEngine patch, we are able to trace unset variables and a lot more.

The video (basically a screen capture of the process) is a bit hard to read in the smaller version, so it's recommended to view the larger size if you want to see the options. It's interesting, though, to see how it picks out the errors and tells what they are and where you can go to fix them (like a file inclusion issue, as they demonstrate).



All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework