Comments on: CORE GRASP (potential) pitfalls

By: 37Gqfff22.com

37Gqfff22.com — Thu, 24 Jul 2025 05:46:14 +0000

My coder is trying to persuade me to move to .net
from PHP. I have always disliked the idea because of the expenses.

But he’s tryiong none the less. I’ve been using WordPress on various websites for about
a year and am anxious about switching to another
platform. I have heard excellent things about blogengine.net.
Is there a way I can import all my wordpress content into
it? Any kind of help would be really appreciated!

By: 37Gq22.com

37Gq22.com — Tue, 01 Jul 2025 19:18:52 +0000

Since the admin of this website is working, no uncertainty very soon it will be renowned,
due to its quality contents.

By: Wednesday

Wednesday — Wed, 13 Mar 2024 23:28:59 +0000

Do you mind if I quote a few of your articles as long as I provide credit and sources back to your blog?
My blog is in the very same area of interest as yours and my visitors would truly benefit from a lot of the information you present here.
Please let me know if this okay with you. Regards!

By: Marvel

Marvel — Wed, 13 Mar 2024 23:27:26 +0000

If you desire to get a great deal from this article then you have to apply such methods to your won website.

By: Keaton

Keaton — Wed, 13 Mar 2024 23:22:52 +0000

My brother suggested I might like this website. He was entirely right.
This post actually made my day. You cann’t imagine simply how
much time I had spent for this info! Thanks!

By: Kathaleen

Kathaleen — Wed, 13 Mar 2024 23:22:42 +0000

Hello there! I know this is kinda off topic however ,
I’d figured I’d ask. Would you be interested in trading links or maybe guest authoring
a blog article or vice-versa? My blog goes over a lot of the same
topics as yours and I think we could greatly benefit from each other.

If you are interested feel free to shoot me an email. I look forward to hearing from
you! Great blog by the way!

By: Genae

Genae — Wed, 13 Mar 2024 23:07:32 +0000

Appreciate the recommendation. Will try it out.

By: Genice

Genice — Wed, 13 Mar 2024 23:06:37 +0000

Great site. A lot of useful info here. I am sending it to several friends ans also sharing in delicious.
And naturally, thanks for your effort!

By: Codex Securitatis » Blog Archive » Vale mundum!

Codex Securitatis » Blog Archive » Vale mundum! — Thu, 21 Feb 2008 18:43:30 +0000

[…] CORE GRASP (potential) pitfalls The Unexpected SQL Injection The Curse of Magic Quotes […]

By: ivan

ivan — Fri, 24 Aug 2007 00:54:38 +0000

Those are interesting observations but not necessarily *design* flaws.
Currently can use GRASP to apply and propagate taint marks on a number of input sources (GET/POST/COOKIE/etc), there is nothing in the *design* that prevents application of the same concept to other input sources. Specifically (you outline this in our blog), Grasp can be extended to implement application of taint marks on database input. in fact, that also has a potential privacy-enhancing benefit, using that you con not only prevent you ’second order injections’ but also prevent (to a certain extent) confidential DB data from leaking out disregarding of how the PHP application chooses to use it.

As for an attack on the FSMs, that may or may not be possible in theory (I really haven’t checked) but in practice it is quite unlikely that a normal PHP application will purposely make queries with SQL statements that have more than a few levels of recursion.

Regarding the performance issues pointed out there are a few things to be said. First, that the performance optimizations of the current version are really very basic: a fully-tainted or fully-untainted string does not consume 1 taint byte per byte in the string but just a single byte while strings with mixed source bytes do consume one taint byte per string byte. There are several ways to optimize this to reduce the memory footprint and the taint-propagation runtime. Note also that the current implementation has an overhead of 1-byte per taint mark when in theory just 1-bit would be necessary, on the other hand the use of an entire byte allows for extensions to the meaning of the taint mark. Second, the 30% performance hit numbers are the *worst case scenario*, that is when all inputs are sensitive sinks and all strings have mixed sources. this is not the average case for common PHP applications.

In sum, Grasp for PHP is in its infancy and there’s still a lot of room for improvements, optimizations and new ideas. I would not dismiss it right away without giving it a try…