Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FYI: CORE GRASP for PHP - Web-Application Protection Software

> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Monday, August 27, 2007 6:07 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [TOOL] CORE GRASP for PHP - Web-Application
> Protection Software
>
> CORE GRASP for PHP - Web-Application Protection Software
>
> CORE GRASP for PHP is a web-application protection software
> aimed at detecting and blocking injection vulnerabilities and
> privacy violations.
>
> The present implementation protects PHP 5.2.3 against
> SQL-injection attacks for the MySQL engine, it can be
> installed with almost the same effort as the PHP engine, both
> in Unix and Windows systems, and protection is immediate with
> any PHP web application running in the protected server.
>
> CORE GRASP works by enhancing the PHP execution engine (VM)
> to permit byte-level taint tracking and analysis for all the
> user-controlled or otherwise untrustable variables of the web
> application. Tainted bytes are then tracked and their taint
> marks propagated throughout the web application's runtime.
> Whenever the web application tries to interact with a DB
> backend using SQL statements that contain tainted bytes,
> GRASP analyzes the statement and detects and prevents attacks
> or abnormal actions.
>
> CORE GRASP was developed by CoreLabs, the research unit of
> Core Security Technologies. At CoreLabs, we plan to improve
> the tool and include new protections shortly. However, the
> invitation to collaborate with the project is open. If you
> would like to collaborate, please go to the GRASP website and
> subscribe to our mailing list.
>
> Additional Information:
> The information has been provided by Ezequiel Gutesman
> <mailto:egutesman@xxxxxxxxxxxxxxxx> .
> To keep updated with the tool visit the project's homepage
> at: http://grasp.coresecurity.com/
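
Added example, not part of the quoted announcement and not CORE GRASP's code: a minimal Python model of the mechanism the announcement describes, with per-character taint marks propagated through string concatenation and a check at the SQL sink. The `TStr` class, the `violations` function, the small tokenizer and the policy itself (tainted characters may only form a numeric literal or the content of a string literal) are assumptions made for illustration.

```python
import re

class TStr:
    """Text plus a parallel per-character taint mask (True = user-controlled)."""
    def __init__(self, text, taint=None):
        self.text = text
        self.taint = list(taint) if taint is not None else [False] * len(text)

    @classmethod
    def user(cls, text):                      # taint source: request data
        return cls(text, [True] * len(text))

    def __add__(self, other):                 # propagation through concatenation
        other = other if isinstance(other, TStr) else TStr(other)
        return TStr(self.text + other.text, self.taint + other.taint)

    def __radd__(self, other):                # plain str + TStr
        return TStr(other) + self

# Tokenizer for a small SQL subset (assumption: MySQL-style '' and \' escapes).
TOKEN = re.compile(r"""
    (?P<string>'(?:[^'\\]|\\.|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<space>\s+)
  | (?P<other>[A-Za-z_][A-Za-z_0-9]*|.)
""", re.X | re.S)

def violations(query):
    """Sink check: list tokens whose structure, not just data, is tainted."""
    bad = []
    for m in TOKEN.finditer(query.text):
        kind, start, end = m.lastgroup, m.start(), m.end()
        if kind in ("space", "number"):
            continue                          # tainted numeric literal is data
        if kind == "string":                  # content may be tainted, quotes not
            tainted = query.taint[start] or query.taint[end - 1]
        else:                                 # keyword, identifier, operator
            tainted = any(query.taint[start:end])
        if tainted:
            bad.append(m.group())
    return bad

if __name__ == "__main__":
    prefix = "SELECT * FROM users WHERE name = '"
    for value in ("alice", "x' OR '1'='1"):   # constructed sample inputs
        q = prefix + TStr.user(value) + "'"
        print(q.text, "->", violations(q) or "allowed")
```

Because the marks are kept per character, a quote inside user data that the application has escaped stays inside the literal and is allowed, while a tainted quote that closes the literal is reported.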

