Web Application Obfuscation
eBook - ePub

Web Application Obfuscation

'-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'

  1. 296 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds, if not millions, of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.

  • Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
  • Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets
  • Evaluates Web application vulnerabilities from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities
  • Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more


Chapter 1. Introduction
Information in this chapter:
• Audience
• Filtering Basics
• Regular Expressions
• Book Organization
Abstract:
It seems like everyone is connected to the Internet nowadays. Whether it is to watch a favorite TV show, read the latest best-seller, pay bills, or socialize with friends near and far, people are turning to their Internet connection for its speed, flexibility, and reach. Enabling this connectivity are Web applications that allow access to the resources necessary to perform these activities. Unfortunately, many of the security measures used to protect Web applications are inadequate, allowing attackers to identify and exploit weaknesses to compromise the applications. This chapter discusses the goal of this book, which is to highlight the weaknesses in Web application security measures today. In addition to discussing the book's audience, the chapter explains how filtering works and introduces the subject of regular expressions. The chapter concludes with a preview of the remaining chapters, which include obfuscation and attack techniques related to HTML, JavaScript, VBScript, CSS, PHP, and SQL.
Key words: Web obfuscation, Filter, Blacklist, Whitelist, Regular expression, Regular expression pattern, Regular expression character, Greedy, Nongreedy, Restricted repetition
The reach of the Internet is expanding on a daily basis. Devices such as thermostats and televisions include Internet connectivity. Offline activities such as reading a book and socializing are increasingly becoming online activities. Behind the scenes, enabling this connectivity are countless Web applications allowing devices, people, and other applications to access whatever resources they need. Having access to these Web applications is quickly turning from a nicety to a necessity.
Consider the security aspects of a simple transaction such as buying a book from an online retailer. After selecting the book you wish to purchase on the retailer's Web site, you enter your password to authenticate yourself to the shopping cart application. The network traffic between you and the server is encrypted to ensure the confidentiality of your password and of the credit card number used to pay for the book. You provide certain personal details about yourself and your credit card to ensure that no one has stolen your card. Each of these steps includes security measures to ensure the confidentiality of the transaction. Although these security measures are directly visible to end users, the book retailer likely takes many other security measures to protect the application and its end users. For example, the Web application may validate data coming from the user to ensure that it does not contain malicious input. Queries to the database may be parameterized so that an attacker cannot send malicious queries to the database. Transaction tokens may be used to ensure that incoming requests were not maliciously initiated.
Unfortunately, many of the security measures used to protect Web applications are frequently inadequate. An attacker who can identify weaknesses in various security measures can usually find ways to exploit the weakness to compromise the application in one form or another. The purpose of this book is to highlight many types of weaknesses in Web application security measures. In particular, we will focus on little-known obfuscation techniques that can be used to hide malicious Web attacks. These techniques are starting to be actively used in Web attacks, and by shining a light on them, people will be better able to defend against them.
Audience
The information contained in this book is highly technical. Nevertheless, the intent is to present the information in understandable and accessible ways. Penetration testers, security researchers, incident responders, quality assurance testers, application developers, and application architects will all greatly benefit from the contents herein. Additionally, information security and software development prof...

Table of contents

  1. Cover Image
  2. Table of Contents
  3. Front matter
  4. Copyright
  5. Acknowledgments
  6. About the Authors
  7. About the Technical Editor
  8. Chapter 1. Introduction
  9. Chapter 2. HTML
  10. Chapter 3. JavaScript and VBScript
  11. Chapter 4. Nonalphanumeric JavaScript
  12. Chapter 5. CSS
  13. Chapter 6. PHP
  14. Chapter 7. SQL
  15. Chapter 8. Web application firewalls and client-side filters
  16. Chapter 9. Mitigating bypasses and attacks
  17. Chapter 10. Future developments
  18. Index

Frequently asked questions

Yes, you can access Web Application Obfuscation by Mario Heiderich, Eduardo Alberto Vela Nava, Gareth Heyes, and David Lindsay in PDF and/or ePUB format, as well as other popular books in Computer Science & Computer Science General.