The correct URL is http://grasp.coresecurity.com

Ezequiel Gutesman wrote:
> CORE GRASP for PHP is a web-application protection software aimed at
> detecting and blocking injection vulnerabilities and privacy violations.
> As mentioned during its presentation at Black Hat USA 2007, GRASP is
> being released as open source under the Apache 2.0 license and can be
> obtained from http://gasp.coresecurity.com/.
>
> The present implementation protects PHP 5.2.3 against SQL-injection
> attacks for the MySQL engine, it can be installed with almost the same
> effort as the PHP engine, both in Unix and Windows systems, and
> protection is immediate with any PHP web application running in the
> protected server.
>
> CORE GRASP works by enhancing the PHP execution engine (VM) to permit
> byte-level taint tracking and analysis for all the user-controlled or
> otherwise untrustable variables of the web application. Tainted bytes
> are then tracked and their taint marks propagated throughout the web
> application's runtime. Whenever the web application tries to interact
> with a DB backend using SQL statements that contain tainted bytes,
> GRASP analyzes the statement and detects and prevents attacks or abnormal
> actions.
>
> CORE GRASP was developed by CoreLabs, the research unit of Core Security
> Technologies. At CoreLabs, we plan to improve the tool and include new
> protections shortly. However, the invitation to collaborate with the
> project is open. If you would like to collaborate, please go to the
> GRASP website and subscribe to our mailing list.
>
> Project home: http://grasp.coresecurity.com/
> Documentation, presentation and papers:
> http://grasp.coresecurity.com/index.php?m=doc
> Download: http://grasp.coresecurity.com/index.php?m=dld
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
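
The byte-level taint tracking and SQL sink check described in the quoted announcement, as an added Python illustration; it is not GRASP's code and does not come from either poster. `TStr`, `violations`, `run_query`, the small lexer and the policy (tainted bytes may only fill a string or numeric literal) are assumptions made for this example.

```python
import re

class TStr:
    """String carrying one taint mark per character (True = user-controlled)."""
    def __init__(self, text, taint=None):
        self.text = text
        self.taint = [False] * len(text) if taint is None else list(taint)

    @classmethod
    def user(cls, text):                      # e.g. a request parameter
        return cls(text, [True] * len(text))

    def __add__(self, other):                 # concatenation keeps per-byte marks
        other = other if isinstance(other, TStr) else TStr(other)
        return TStr(self.text + other.text, self.taint + other.taint)

    def __radd__(self, other):                # plain str + TStr
        return TStr(other) + self

# Minimal lexer (assumed): quoted strings with '' and backslash escapes, numbers, the rest.
TOKEN = re.compile(
    r"(?P<str>'(?:[^'\\]|\\.|'')*')|(?P<num>\d+(?:\.\d+)?)|(?P<other>\s+|\w+|.)", re.S)

def violations(query):
    """Return tokens where tainted bytes shape the statement instead of filling a literal."""
    found = []
    for m in TOKEN.finditer(query.text):
        tok, marks = m.group(), query.taint[m.start():m.end()]
        if not any(marks) or m.lastgroup == "num":
            continue                          # untainted token, or taint confined to a number
        if m.lastgroup == "str":
            inner = zip(tok[1:-1], marks[1:-1])
            # Delimiters must be untainted and no untainted quote may be swallowed.
            if not (marks[0] or marks[-1] or any(c == "'" and not t for c, t in inner)):
                continue
        found.append(tok)
    return found

def run_query(query):
    """Sink wrapper: refuse the statement if tainted bytes alter its structure."""
    bad = violations(query)
    if bad:
        raise ValueError(f"blocked: tainted bytes in {bad!r}")
    return query.text                         # a real sink would call the DB driver here
```

Because the marks are per byte, a value that stays inside its literal passes untouched, while the same value is flagged as soon as one of its bytes lands on a quote, keyword, operator or whitespace token.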