lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 22 Aug 2007 14:27:46 -0300
From: Ezequiel Gutesman <egutesman@...esecurity.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Announcement: Releasing CORE GRASP for PHP.
 An open source, dynamic web application protection system.

The correct URL is

http://grasp.coresecurity.com

Ezequiel Gutesman wrote:
> CORE GRASP for PHP is a web-application protection software aimed at
> detecting and blocking injection vulnerabilities and privacy violations.
> As mentioned during its presentation at Black Hat USA 2007, GRASP is
> being released as open source under the Apache 2.0 license and can be
> obtained from http://gasp.coresecurity.com/.
>
> The present implementation protects PHP 5.2.3 against SQL-injection
> attacks for the MySQL engine, it can be installed with almost the same
> effort as the PHP engine, both in Unix and Windows systems, and
> protection is immediate with any PHP web application running in the
> protected server.
>
> CORE GRASP works by enhancing the PHP execution engine (VM) to permit
> byte-level taint tracking and analysis for all the user-controlled or
> otherwise untrustable variables of the web application. Tainted bytes
> are then tracked and their taint marks propagated throughout the web
> application's runtime. Whenever the web application tries to interact
> with an DB backend using SQL statements that contain tainted bytes,
> GRASP analyzes the statment and detects and prevents attacks or abnormal
> actions.
>
> CORE GRASP was developed by CoreLabs, the research unit of Core Security
> Technologies. At CoreLabs, we plan to improve the tool and include new
> protections shortly. However, the invitation to collaborate with the
> project is open. If you would like to collaborate, please go to the
> GRASP website and subscribe to our mailing list.
>
> Project home: http://grasp.coresecurity.com/
> Documentation, presentation and papers:
> http://grasp.coresecurity.com/index.php?m=doc
> Download: http://grasp.coresecurity.com/index.php?m=dld
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ