Heiderich, Mario.

Web Application Obfuscation : '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' - Saint Louis : Elsevier Science, 2014. - 1 online resource (290 p.) - eBooks on Demand .

Front Cover; Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'; Copyright; Contents; Acknowledgments; About the Authors; About the Technical Editior; Chapter 1: Introduction; Audience; Filtering basics; Regular expressions; Book organization; Updates; Summary; Chapter 2: HTML; History and overview; Basic markup obfuscation; Advanced markup obfuscation; URIs; Beyond HTML; Summary; Endnotes; Chapter 3: JavaScript and VBScript; Syntax; Encodings; Javascript Variables; VBScript; JScript; E4X; Summary; Endnotes; Chapter 4: Nonalphanumeric JavaScript Nonalphanumeric JavaScriptUse Cases; Summary; Endnotes; Chapter 5: CSS; Syntax; Algorithms; Attacks; Summary; Chapter 6: PHP; History and Overview; Obfuscation in PHP; Summary; Endnotes; Chapter 7: SQL; SQL: A Short Introduction; Summary; Endnotes; Chapter 8: Web application firewalls and client-side filters; Bypassing WAFs; Client-Side Filters; Summary; Endnotes; Chapter 9: Mitigating bypasses and attacks; Protecting Against Code Injections; Protecting The DOM; Summary; Chapter 10: Future developments; Impact On Current Applications; HTML5; Other Extensions; Plug-Ins; Summary; Index

Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduc

9781597496056 89.91 (UA),59.94 (1U)


Application software - Development.
Application software -- Development.
Computer security.
Computer security.
Cryptography.
Cryptography.
Internet programming.
Internet programming.


Electronic books.

QA76.625

005.8