Freshly Printed - allow 10 days lead
Couldn't load pickup availability
Web Application Obfuscation
'-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'
Attackers are evading your security measures; find out how to stop the threat!
Mario Heiderich (Author), Eduardo Alberto Vela Nava (Author), Gareth Heyes (Author), David Lindsay (Author)
9781597496049, Elsevier Science
Paperback / softback, published 13 January 2011
296 pages, 25 illustrations
23.5 x 19 x 1.9 cm, 0.61 kg
"As the data stored in Web application systems becomes critical to business, the attacks against them are becoming increasingly complex. If you want to move your understanding beyond 'or 1=1--' this book provides the knowledge needed to bypass both filters and detection, crucial for both attack and defence." -- Andrew Waite, Security Researcher, InfoSanity Research "Intended for advanced network security administrators, penetration testers and web application developers, this guide to web obfuscation presents an in depth technical discussion of the latest methods in site intrusion and Internet attacks. Chapters examine state of the art obfuscation attacks on major website components such as HTML, JavaScript and VBScript, CSS, PHP, SQL and web application firewalls. A final chapter discusses future problems such as the new HTML 5 standards and plug-in vulnerabilities. Chapters include numerous code examples in a variety of languages and formats. Heiderich is a web developer, Nava is a security researcher for Google, Heyes is a security contractor and Lindsay is a security consultant."--SciTechBookNews "This is a very frightening book and I would advise any security architect to purchase a copy. It’s aimed at the bleeding edge of the technical security market, however, it really does hammer home how difficult security can become when faced with complex applications and protocols. The techniques used in the book are not trivial, but they do show us that the age of the firewall and the IDS may well be over, and the age of security by design has only just begun."--InfoSecReviews.com "This is a deep technical read and anyone buying it should have a solid understanding of web technologies and some experience of web programming. I would say it is targeted at penetration testers and security architects, but to the security generalist it also opens up new frontiers when it comes to designing for security."--Best Hacking and Pen Testing Books in InfoSecReviews Book Awards
Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.
Chapter 1: Introduction Chapter 2: HTML Chapter 3: JavaScript and VBScript Chapter 4: Nonalphanumeric JavaScript Chapter 5: CSS Chapter 6: PHP Chapter 7: SQL Chapter 8: Web Application Firewalls and Client-side Filters Chapter 9: Mitigating Bypasses and Attacks Chapter 10: Future Developments
Subject Areas: Computer security [UR]
