Displaying posts with tag: web20
Interview with Thomas Bachem, Chief Architect at sevenload.de

[English readers: this is the start of a new series called "/dev/video" (current project name, may change without further notice) which targets PHP and other web application developers and covers interviews with public projects and tech talk between Mayflower employees and other people. The series will be both in English and German, this first video is in German with Thomas Bachem, Chief Architect at sevenload.de, one of Germany's hottest Web2.0 startups.]

On Monday I had the opportunity to use the bridge day to try out the new camcorder (Sony DCR DVD-205) and kick off a new series - anyone who has read PHP Magazin will have seen the article on sevenload.de …

Understanding successful tracing of security vulnerabilities

Web applications can easily become very complex. Several hundred thousand lines of code (not counting HTML templates!) are usual in larger corporate solutions. This also means that your PHP application follows standards like object-oriented programming, nested classes, etc.

When it comes to detecting security vulnerabilities, a lot of tools are available. In a previous post I told you that we developed Chorizo! mainly because we needed a tool that checks for security vulnerabilities (both XSS issues and server-side issues) very easily. I think our GUI is very nice :-)

In a previous post I introduced Morcilla to you (see video here and here and …

Detect and fix security vulnerabilities on server side within seconds.

(See bigger version with better quality at https://chorizo-scanner.com/flash_morcilla )

This video shows you how Morcilla, our brand new PHP extension, lets Chorizo! have a look inside your application on the server.

We are able to hook into every PHP function and trace the payloads of Chorizo!. By default, Morcilla hooks into the whole MySQL function family, fopen, mail, include/require/include_once/require_once, preg_* and others. With a ZendEngine patch, we are able to trace unset variables and a lot more.

Watch the video to see how it works (Google Video, YouTube). Check out the …
