Heiderich / Vela Nava / Heyes | Web Application Obfuscation | E-Book | sack.de
E-Book

E-book, English, 296 pages

Heiderich / Vela Nava / Heyes Web Application Obfuscation

'-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'
1st edition, 2011
ISBN: 978-1-59749-605-6
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: 6 - ePub Watermark

Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds, if not millions, of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.

- Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
- Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets
- Evaluates Web application vulnerabilities from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities
- Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more

Mario Heiderich is a Cologne, Germany-based freelancer and entrepreneur who is devoted to Web application development and security and is currently working on several projects while earning his Ph.D. at Ruhr University in Bochum. He graduated from the University of Applied Sciences in Friedberg/Hessen with a degree in media informatics, and has been working for several German and international companies as a developer and security consultant. In addition to being lead developer for the PHPIDS and author of a German book about Web application security, he has been a speaker at several conferences and a trainer for Web security classes around the world. His work is focused on client-side attacks and defense, especially markup, CSS, and JavaScript, on all major user agents.


Further information & material


1 Front Cover
2 Web Application Obfuscation: ‘-/WAFs..Evasion..Filters//alert(/Obfuscation/)-’
3 Copyright
4 Contents
5 Acknowledgments
6 About the Authors
7 About the Technical Editor
8 Chapter 1: Introduction
  8.1 Audience
  8.2 Filtering basics
  8.3 Regular expressions
  8.4 Book organization
  8.5 Updates
  8.6 Summary
9 Chapter 2: HTML
  9.1 History and overview
  9.2 Basic markup obfuscation
  9.3 Advanced markup obfuscation
  9.4 URIs
  9.5 Beyond HTML
  9.6 Summary
  9.7 Endnotes
10 Chapter 3: JavaScript and VBScript
  10.1 Syntax
  10.2 Encodings
  10.3 Javascript Variables
  10.4 VBScript
  10.5 JScript
  10.6 E4X
  10.7 Summary
  10.8 Endnotes
11 Chapter 4: Nonalphanumeric JavaScript
  11.1 Nonalphanumeric JavaScript
  11.2 Use Cases
  11.3 Summary
  11.4 Endnotes
12 Chapter 5: CSS
  12.1 Syntax
  12.2 Algorithms
  12.3 Attacks
  12.4 Summary
13 Chapter 6: PHP
  13.1 History and Overview
  13.2 Obfuscation in PHP
  13.3 Summary
  13.4 Endnotes
14 Chapter 7: SQL
  14.1 SQL: A Short Introduction
  14.2 Summary
  14.3 Endnotes
15 Chapter 8: Web application firewalls and client-side filters
  15.1 Bypassing WAFs
  15.2 Client-Side Filters
  15.3 Summary
  15.4 Endnotes
16 Chapter 9: Mitigating bypasses and attacks
  16.1 Protecting Against Code Injections
  16.2 Protecting The DOM
  16.3 Summary
17 Chapter 10: Future developments
  17.1 Impact On Current Applications
  17.2 HTML5
  17.3 Other Extensions
  17.4 Plug-Ins
  17.5 Summary
18 Index


