] = mysql_real_escape_string($_GET['id']);
> $query = "SELECT * FROM table WHERE id=".$sql['id'];
It is true that GRASP won't raise an alarm unless $sql['id'] has
non-numeric characters. This was a design decision since our description
of an attack

Hi all,
We have just released an update for CORE GRASP (version 3). In this
version, we enhanced mark propagation by implementing marks inside the pcre
module and provided a first step into cross-site scripting prevention,
which will be the focus of our next release. We also fixed some bugs. We
appre

The correct URL is http://grasp.coresecurity.com
Ezequiel Gutesman wrote:
> CORE GRASP for PHP is a web-application protection software aimed at
> detecting and blocking injection vulnerabilities and privacy violations.
> As mentioned during its presentation at Black Hat USA 2007,

CORE GRASP for PHP is a web-application protection software aimed at
detecting and blocking injection vulnerabilities and privacy violations.
As mentioned during its presentation at Black Hat USA 2007, GRASP is
being released as open source under the Apache 2.0 license and can be
obtained from http