Have you ever tried to track down XMLHttpRequests of your PHP application for security issues? It’s hard, isn’t it? Welcome to the world of Web2.0, XSS, SQL injections, Code inclusion/execution, Session injection, Cross Site Request Forging and so on.

This video shows a free tool called Chorizo! ( https://chorizo-scanner.com/ ) which can be used as a proxy and automatically tracks every request to your application and scans for security errors.

It lists all found bugs and provides detailed report analysis including an Adviser which explains the bug (i.e. XSS) in detail and provides concrete PHP code examples so that you can fix your application in just a minute