September 2009 Archives

Graudit version 1.2 is finally out. Here It fixes several gripes I've (and other) had with some of the signatures. There are less false positives, the default signatures are aimed easier to detect vulnerabilities, there is a new signature set called other which focuses more on comments left by developers. Some bug fixes and better POSIX compliance for graudit. Better documentation (should be better still). And finally, if you get yours from github there is a Makefile and a basic test harness in place to ensure that future releases remain "quality".

Most notably though, the signature changes is what most people will enjoy.

You can obtain the latest version from the graudit download page.

Benchmarking might not be the correct term as graudit does not have the capacity to determine if a signature match is in fact a vulnerability or not. It only highlights a potential problem area so you can pay closer attention to it. Like most signature based approaches it does stand a fairly good chance of catching low hanging fruit, but certain kind of vulnerabilities will remain impossible to detect. None-the-less I am aiming to improve the standard of the signature sets, so from now on graudit will be "benchmarked" on each release.

To avoid writing signatures for specific vulnerabilities I am using two vulnerable applications to benchmark graudit with;

* Multillidae
* Damn Vulnerable Web Application

My hope is to approximate 100% low and 75% medium detection rate by version 2.0. Now to find some non PHP equivalents for the other languages.