Web Application Obfuscation
- Mario Heiderich
- Eduardo Alberto Vela Nava, Application Security Specialist, Information Security Researcher, Google, Inc.
- Gareth Heyes
- David Lindsay, Senior Security Consultant, Cigital, Inc.
Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.
Penetration testers, security consultants; IDS Developers; Security Tool Developers; WAF Implementers and Maintainers; Web Developers; and Sys/Net Admins
Paperback, 296 Pages
Published: December 2010
Chapter 1: Introduction
Chapter 2: HTML
Chapter 5: CSS
Chapter 6: PHP
Chapter 7: SQL
Chapter 8: Web Application Firewalls and Client-side Filters
Chapter 9: Mitigating Bypasses and Attacks
Chapter 10: Future Developments