As you have learned in the previous chapters/guides, Chorizo! provides you with some information about found security issues inside the Chorizo! UI in your web page. To further analyze those issues, you have access to the reports page. The reports page on chorizo-scanner.com delivers a fully-fledged report about the issues found during a scan session. It displays a nice graphical overview and contains an advisor for guiding you on how to fix the found bugs.
The Advisor provides you with an in-depth guide on how to fix found security issues. It includes comprehensive know-how about each issue category and guides you with code examples in order to fix every found issue.
The Advisor and the Reports page is only available in the commercial versions of Chorizo! inside the Reports page.
After you started a scan and “hopefully” found security issues while testing, you will see the see the Chorizo! UI displays all found issues.
As you can see, there are high risk, medium and low risk security issues found. Chorizo displays all issues in a list. A click on a specific issue opens an additional window with more information on the found issue.
The result layer is fully draggable. A double-click closes the window. The window displays the issue number, what result was found on which URL by which check, a more detailed error message, where the issue was found (i.e. GET, POST, Cookie, PATH etc.) and what payload was used to penetrate the error.
Please notice: if there were issues found, Chorizo! will display a mad smiley on the right top corner of the console. If no issues were found, it will display a smiling smiley.
For a more detailed view on found security issues we made the Reports page on the Chorizo! website. You can reach this page with a click on the "Reports" link in the top navigation or pressing the "Reports" link in the Chorizo! UI or by selecting a specific test of the tests made on the front page. Once in the "Reports" section you will see an overview of the scans you made:
If you select one of these scan sessions, a global summary of all found security issues will be shown:
A click on one of the issues expands a window with extensive information about the specific security issue, its risk classification and (in the commercial version) how to fix this issue:
The Advisor will look like in the following screenshot. It provides you with in-depth know-how about the specific security issue and guides you to fixing it by showing code examples how to fix this specific issue:
Once again, this "Reports" page with the Advisor is currently only available in the commercial version of Chorizo!