News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

ThinPHP Blog:
Understanding successful tracing of security vulnerabilities
September 21, 2006 @ 07:34:33

In this new post on the ThinkPHP blog, there's more talk about their Chorizo! security scanner and how, with a little help from their Morcilla product, you can find problems easily. Now, interpreting them is another matter, so they show you a simple way to determine just what went wrong.

Sometimes it's not very easy to check if a vulnerability occured where Morcilla told you it occured. In order to pinpoint this issue, it is neccessary that you get a deeper look to the callstack of all the functions that were involved calling the SQL abstraction layer.

They include a screenshot of how the functionality will (in the upcoming version) work in the case of a MySQL SQL injection problem.

0 comments voice your opinion now!
vulnerabilities security chorizo morcilla trace screenshot sql injection vulnerabilities security chorizo morcilla trace screenshot sql injection


ThinkPHP Blog:
SQL injections for dummies - and how to fix them
September 15, 2006 @ 07:38:15

On the ThinkPHP Blog, there's a look at how to handle SQL injections, including a video showing how their product, Chorizo handles their discovery in your application.

Well, database operations are bread-and-butter work for most PHP applications. PHP and MySQL, for example, have been like brother and sister for many years. You may have heard about "SQL injections", a bad taste from the outside world of $_GET, $_POST, $_COOKIE and the like.

They mention the obvious - not accepting unfiltered input from users - and how the Chorizo and Morcilla software work to identify and comabt them in an application. You can even check out a Flash video of the process you'd need to take.

0 comments voice your opinion now!
sql injection chorizo morcilla scanner security input filter sql injection chorizo morcilla scanner security input filter


Think-PHP Blog:
Detect and fix security vulnerabilities on server side within seconds
September 07, 2006 @ 07:12:27

From the group that brings you Chorizo! and Morcilla, the latest in PHP security tools, is a video showing how to find and correct the issues that your script might have on the server side (with the help of Morcilla).

This video shows you how Morcilla, our brand new PHP extension, lets Chorizo! have a look inside your application on the server.

We are able to hook into every PHP function and trace the payloads of Chorizo!. By default, Morcilla hooks into the whole MySQL function family, fopen, mail, include/require/include_once/require_once, preg_* and others. With a ZendEngine patch, we are able to trace unset variables and a lot more.

The video (basically a screen capture of the process) is a bit hard to read in the smaller version, so it's recommended to view the larger size if you want to see the options. It's interesting, though, to see how it picks out the errors and tells what they are and where you can go to fix them (like a file inclusion issue, as they demonstrate).

0 comments voice your opinion now!
chorizo security scanner morcilla serverside video example chorizo security scanner morcilla serverside video example


ThinkPHP Blog:
New Help Center for Chorizo!
August 29, 2006 @ 07:57:23

On the ThinkPHP Blog, there's information posted about a new help center for their Chorizo! scanner with lots of information included already.

Go and check out Chorizo!'s new Help Center. We extended the existing tutorials and provide a smooth overview about the current documentation. Included is an overview about all the scanner plugins Chorizo! is using and explain a bit what each plugin does.

There are "Getting Started" guides offered, video tutorials, details on each of the plugins (PHPversions, XSS plugin, Session injection, etc), some of the features of the scanner, and some general troubleshooting information.

0 comments voice your opinion now!
help center chorizo scanner security free plugin video getting started help center chorizo scanner security free plugin video getting started


ThinkPHP Blog:
Improving Usability on "My Chorizo" page the host signature file
July 31, 2006 @ 05:59:21

The guys over at the ThinkPHP blog are already improving their Chorizo security scanner software with refreshed usability for their "My Chorizo" page inside the utility.

In the spirit of Web2.0 applications, we constantly improve Chorizo! and silently update the application with the newest features. In order to scan a host, you have to prove that you are the owner of the host by uploading a unique signature file to your host's document root. Some of our users had trouble uploading it into the docroot, some accidently put it into the wrong directory.

Their enhancement makes it easy to tell which of the products have their signature files in place and while don't at a glance.

0 comments voice your opinion now!
chorizo web scanner usability update signature chorizo web scanner usability update signature


ThinkPHP Blog:
Commoditizing PHP security (Chorizo! Launched)
July 21, 2006 @ 05:42:44

The fine folks over at ThinkPHP have released their scanning tool, Chorizo!, to the general public - including the ability to sign up for a free account.

We think it's time to commoditize PHP web application security. You may have heard of Chorizo!.

With this free account, it's possible to use the Chorizo! application service as a proxy and scan 1 host. All scan datas are encrypted, your data is only visible to you. There are also some valuable help documents available that explain the whole process from registering up to uploading the signature file onto your host and how to analyze the results.

They also have a commercial version that includes: the Advisor software to help you correct the issues found, a more detailed report analyzer, and a PDF export of the reports.

0 comments voice your opinion now!
chorizo launch security scanner tool reports advisor free chorizo launch security scanner tool reports advisor free



Community Events





Don't see your event here?
Let us know!


code unittest introduction symfony2 podcast interview series release threedevsandamaybe laravel install language developer framework opinion list community refactor testing experience

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework