
Mario Heiderich - Web Application Obfuscation

City: Boston; Amsterdam. Year: 2011. Publisher: Elsevier Science; Elsevier; Syngress.


Web Application Obfuscation: summary, description and annotation


Contents: Cover -- Web Application Obfuscation: '-/WAFs. Evasion. Filters//alert(/Obfuscation/)-' -- Copyright -- Contents -- Acknowledgments -- About the Authors -- About the Technical Editor -- Chapter 1: Introduction -- Audience -- Filtering basics -- Regular expressions -- Book organization -- Updates -- Summary -- Chapter 2: HTML -- History and overview -- Basic markup obfuscation -- Advanced markup obfuscation -- URIs -- Beyond HTML -- Summary -- Endnotes -- Chapter 3: JavaScript and VBScript -- Syntax -- Encodings -- JavaScript Variables -- VBScript -- JScript -- E4X -- Summary -- Endnotes -- Chapter 4: Nonalphanumeric JavaScript -- Nonalphanumeric JavaScript -- Use Cases -- Summary -- Endnotes -- Chapter 5: CSS -- Syntax -- Algorithms -- Attacks -- Summary -- Chapter 6: PHP -- History and Overview -- Obfuscation in PHP -- Summary -- Endnotes -- Chapter 7: SQL -- SQL: A Short Introduction -- Summary -- Endnotes -- Chapter 8: Web application firewalls and client-side filters -- Bypassing WAFs -- Client-Side Filters -- Summary -- Endnotes -- Chapter 9: Mitigating bypasses and attacks -- Protecting Against Code Injections -- Protecting The DOM -- Summary -- Chapter 10: Future developments -- Impact On Current Applications -- HTML5 -- Other Extensions -- Plug-Ins -- Summary -- Index.

Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds, if not millions, of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.

Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews.
Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets.
Evaluates Web application vulnerabilities from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities.
Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more.

Front matter
Web Application Obfuscation
-/WAFs..Evasion..Filters//alert(/Obfuscation/)-
Mario Heiderich
Eduardo Alberto Vela Nava
Gareth Heyes
David Lindsay
Copyright 2011 Elsevier Inc. All rights reserved.
Copyright
Acquiring Editor: Rachel Roumeliotis
Development Editor: Matthew Cater
Project Manager: Danielle S. Miller
Designer: Alisa Andreola
Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
© 2011 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Heiderich, Mario.
Web application obfuscation / Mario Heiderich [et al.].
p. cm.
Includes bibliographical references.
ISBN 978-1-59749-604-9 (pbk.)
1. Internet programming. 2. Computer security. 3. Web site development. 4. Application software--Development. 5. Cryptography. I. Title.
QA76.625.H46 2010
005.8--dc22 201004209
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-604-9
Printed in the United States of America
10 11 12 13 14 10 9 8 7 6 5 4 3 2 1
For information on all Syngress publications visit our website at www.syngress.com
Acknowledgments
Mario Heiderich
First I would like to thank my coauthors, for giving me the chance to participate in this awesome project, and especially Eduardo, who asked me some months ago if I was interested in this exciting venture. I had no time at all, neither then nor the weeks and months that followed, but I could not say no!
Thanks to my friends, coworkers, and team partners in Cologne, Bochum, India, New York, and around the world, who constantly had to listen to my gibberish about this book, eccentric JavaScript vectors, markup obfuscation, and breaking filters. I hope it was not too tedious, and I'm sorry if I broke your filters and protection mechanisms all the time. I know well enough that developing Web sites is a terrible job. Special thanks go to Markus, Johannes, and Arno. Thanks also to Jacek for the same things mentioned earlier; it was always a pleasure working with you.
Same for Dr. Girlfriend: you had to bear with me drifting away to obfuscation land often enough. I hope I can stress your patience with that for some more years and God bless the dress! Thanks a lot for being there and for being awesome.
Thanks go also to the sla.ckers.org users who contributed knowledge and helped discover the fun in browser and Web security, stole my precious time with amazing contests, and helped me as well as the whole team to advance and gain more insight into the quirky browser world day by day. Edward, Dave, Adam, Arshan, and others, you have written and continue to write nice filters. I'm sorry for breaking them now and then. Many thanks go to Roberto Salgado for helping with the SQL chapter.
Last but not least, thanks to my family and, especially, to my baby brother, who understood nonalphanumeric JavaScript obfuscation in half an hour and even helped me shorten a vector for a challenge by one character, without even knowing JavaScript.
And now, motor sports!
Eduardo Alberto Vela Nava (a.k.a. sirdarckcat)
First I would like to thank my wife, Zheng Yi, who followed me all the way from China to share her life with me on the other side of the world; my mother and mi abuelita for always supporting me to do what I like; and all my friends and family for being there when I needed them.
I would also like to thank my colleagues and friends at Google and Alibaba for allowing me to learn so much from them, as well as the place that made me love security, elhacker.net. Thank you all.
Gareth Heyes
First I would like to thank my wife, Samantha, for her patience while I wrote this book, and for always being there. You are truly my inspiration every day. I would also like to thank my beautiful little girl, Chloe, for making me watch Shrek a million times (I never got bored) and lighting up our world.
I would like to thank Eduardo, Mario, and David for allowing me to work with them on this book and for being generally awesome.
Finally, I would like to thank the slackers and security community for finding and posting brilliant research, Dave Ross for taking a chance on me and building great things, and Manuel Caballero for being the most innovative and brilliant colleague I've ever worked with.
David Lindsay
Thanks to Eduardo, Mario, and Gareth for being great to work with on this book, and for being awesome friends in general. Thanks to Romain Gaucher, Mike Cooper, Jayson Christianson, John Pursglove, and many other former and current colleagues for teaching me almost everything I know about security. Thanks to my parents, Jim and Kathryn, for teaching me how to think critically and embrace who I am. Finally, thanks to my family, Tina and Lydia, for their patience, understanding, and continuous support, and for making it all worth it.
Thanks to all the sla.ckers (wisec, billy rios, kuza55, lever one, reiners, yosuke hasegawa, giorgio maone, cabala, rsnake, dross, and everyone else we may have forgotten to mention) for sharing so much in a public forum for everyone to learn from.
About the Authors
Mario Heiderich is a Cologne, Germany-based freelancer and entrepreneur who is devoted to Web application development and security and is currently working on several projects while earning his Ph.D. at Ruhr University in Bochum. He graduated from the University of Applied Sciences in Friedberg/Hessen with a degree in media informatics, and has been working for several German and international companies as a developer and security consultant. In addition to being lead developer for the PHPIDS and author of a German book about Web application security, he has been a speaker at several conferences and a trainer for Web security classes around the world. His work is focused on client-side attacks and defense, especially markup, CSS, and JavaScript, on all major user agents.