Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.
|
Other editions - View all
Common terms and phrases
actual alert alert(1 allows application arbitrary array ASCII attack backslash basic browser bypass chapter characters charset Chromium client-side cookies create cross-site scripting cross-site scripting filters crossdomain.xml data URIs database DBMS DBMSs detect developers discuss DOCTYPE document domain double quotes echo element encoding entities escape eval event handlers execute JavaScript Firefox following code following example function header hexadecimal HTML5 iframe implemented input inside Internet Explorer Java JavaScript code language Let us look malicious markup match method Microsoft MySQL NoScript nullbyte obfuscated code obfuscation techniques object Opera parser parsing payload plug-ins possible PostgreSQL preceding code problem query regular expression request sandbox scenario script type="text/javascript SELECT server snippet specification SQL injection standard style attributes stylesheet syntax Table targeted tion Unicode URI scheme user agents valid variable VBScript vector vulnerability window XHTML