Rating:
(10 reviews)
Author: Mario Heiderich
ISBN : 1597496049
New from $25.14
Format: PDF
Free download Free Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert-' for everyone book with Mediafire Link Download Link
Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.
- Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets
- Evaluates Web application vulnerabilties from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities
- Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more
Books with free ebook downloads available Free Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert-'
- Paperback: 282 pages
- Publisher: Syngress; 1 edition (December 10, 2010)
- Language: English
- ISBN-10: 1597496049
- ISBN-13: 978-1597496049
- Product Dimensions: 0.9 x 7.3 x 9 inches
- Shipping Weight: 1.4 pounds (View shipping rates and policies)
Free Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert-'
I had really no idea what to expect when I started reading Web Application Obfuscation (WAO). I hoped it would address attacks on Web technologies, perhaps including evasion methods, but beyond that I didn't even really know how to think about whatever problem this book might address. After finishing WAO, it's only appropriate to say "wow." In short, I had no idea that Web browsers (often called "user agents" in WAO) are so universally broken. Web browser developers would probably reply that they're just trying to handle as much broken HTML as possible, but the WAO authors show this approach makes Web "security" basically impossible. I recommend reading WAO to learn just how crazy one can be when interacting with Web apps.
Speaking of crazy: ch 4 was off the hook. For example, p 121 speaks of the "great Javascript Charwall" by saying: "6 is the fewest number of characters possible which allow arbitrary Javascript to be executed." What!? I had no idea anyone spent time on these sorts of issues, and worse, that intruders could use these techniques to evade a slew of security mechanisms. This was a primary strength of WAO: bringing the reader into a world where obfuscation is an obsession.
I liked many other aspects of WAO. The book was very thorough. For one example, check the table on p 27. For another, see the regex explanation with examples in ch 1. The book has many such sections where the authors offer great detail on the subject at hand. I also enjoyed the many references to outside work. Authors of all technical books should follow WAO's lead, because 1) it gives credit where due and 2) it shows the authors are aware of outside influences and up-to-date.