Normal view MARC view ISBD view

Web Application Obfuscation : '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'.

By: Heiderich, Mario.
Contributor(s): Nava, Eduardo Alberto Vela | Heyes, Gareth | Lindsay, David.
Material type: TextTextSeries: eBooks on Demand.Publisher: Saint Louis : Elsevier Science, 2014Copyright date: ©2011Description: 1 online resource (290 pages).Content type: text Media type: computer Carrier type: online resourceISBN: 9781597496056.Subject(s): Application software -- Development | Computer security | Cryptography | Electronic books. -- local | Internet programming | Web site developmentGenre/Form: Electronic books.Additional physical formats: Print version:: Web Application Obfuscation : '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'DDC classification: 005.8 LOC classification: QA76.625 -- .H46 2011Online resources: Click here to view this ebook.
Contents:
Front Cover -- Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' -- Copyright -- Contents -- Acknowledgments -- About the Authors -- About the Technical Editior -- Chapter 1: Introduction -- Audience -- Filtering basics -- Regular expressions -- Book organization -- Updates -- Summary -- Chapter 2: HTML -- History and overview -- Basic markup obfuscation -- Advanced markup obfuscation -- URIs -- Beyond HTML -- Summary -- Endnotes -- Chapter 3: JavaScript and VBScript -- Syntax -- Encodings -- Javascript Variables -- VBScript -- JScript -- E4X -- Summary -- Endnotes -- Chapter 4: Nonalphanumeric JavaScript -- Nonalphanumeric JavaScript -- Use Cases -- Summary -- Endnotes -- Chapter 5: CSS -- Syntax -- Algorithms -- Attacks -- Summary -- Chapter 6: PHP -- History and Overview -- Obfuscation in PHP -- Summary -- Endnotes -- Chapter 7: SQL -- SQL: A Short Introduction -- Summary -- Endnotes -- Chapter 8: Web application firewalls and client-side filters -- Bypassing WAFs -- Client-Side Filters -- Summary -- Endnotes -- Chapter 9: Mitigating bypasses and attacks -- Protecting Against Code Injections -- Protecting The DOM -- Summary -- Chapter 10: Future developments -- Impact On Current Applications -- HTML5 -- Other Extensions -- Plug-Ins -- Summary -- Index.
Summary: Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses. Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets Evaluates Web application vulnerabilties from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more.
Tags from this library: No tags from this library for this title. Log in to add tags.
Item type Current location Call number URL Status Date due Barcode
Electronic Book UT Tyler Online
Online
QA76.625 -- .H46 2011 (Browse shelf) http://ebookcentral.proquest.com/lib/uttyler/detail.action?docID=625346 Available EBC625346

Front Cover -- Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' -- Copyright -- Contents -- Acknowledgments -- About the Authors -- About the Technical Editior -- Chapter 1: Introduction -- Audience -- Filtering basics -- Regular expressions -- Book organization -- Updates -- Summary -- Chapter 2: HTML -- History and overview -- Basic markup obfuscation -- Advanced markup obfuscation -- URIs -- Beyond HTML -- Summary -- Endnotes -- Chapter 3: JavaScript and VBScript -- Syntax -- Encodings -- Javascript Variables -- VBScript -- JScript -- E4X -- Summary -- Endnotes -- Chapter 4: Nonalphanumeric JavaScript -- Nonalphanumeric JavaScript -- Use Cases -- Summary -- Endnotes -- Chapter 5: CSS -- Syntax -- Algorithms -- Attacks -- Summary -- Chapter 6: PHP -- History and Overview -- Obfuscation in PHP -- Summary -- Endnotes -- Chapter 7: SQL -- SQL: A Short Introduction -- Summary -- Endnotes -- Chapter 8: Web application firewalls and client-side filters -- Bypassing WAFs -- Client-Side Filters -- Summary -- Endnotes -- Chapter 9: Mitigating bypasses and attacks -- Protecting Against Code Injections -- Protecting The DOM -- Summary -- Chapter 10: Future developments -- Impact On Current Applications -- HTML5 -- Other Extensions -- Plug-Ins -- Summary -- Index.

Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses. Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets Evaluates Web application vulnerabilties from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more.

Description based on publisher supplied metadata and other sources.

There are no comments for this item.

Log in to your account to post a comment.