Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'

3.93 avg rating
( 14 ratings by Goodreads )
 
9781597496049: Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'
View all copies of this ISBN edition:
 
 

Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.

  • Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
  • Looks at security tools like IDS/IPS that are often the only defense in protecting sensitive data and assets
  • Evaluates Web application vulnerabilties from the attacker's perspective and explains how these very systems introduce new types of vulnerabilities
  • Teaches how to secure your data, including info on browser quirks, new attacks and syntax tricks to add to your defenses against XSS, SQL injection, and more

"synopsis" may belong to another edition of this title.

About the Author:

Mario Heiderich is a Cologne, Germany-based freelancer and entrepreneur who is devoted to Web application development and security and is currently working on several projects while earning his Ph.D. at Ruhr University in Bochum. He graduated from the University of Applied Sciences in Friedberg/Hessen with a degree in media informatics, and has been working for several German and international companies as a developer and security consultant. In addition to being lead developer for the PHPIDS and author of a German book about Web application security, he has been a speaker at several conferences and a trainer for Web security classes around the world. His work is focused on client-side attacks and defense, especially markup, CSS, and JavaScript, on all major user agents.

Eduardo Alberto Vela Nava (Application Security Specialist) works as an information security researcher at Google, Inc., with the task of improving the security of Google and the Internet as a whole, by researching security problems and creating solutions to them. His primary focus is Web application security and browser/plug-in security. He has been a presenter focusing on Web security at several conferences around the world. He previously worked at Alibaba Cloud Computing and Hi5 Networks.

Gareth Heyes is based in the United Kingdom and does Web security contracting work and the occasional Web development project. He has been a speaker at the Microsoft BlueHat, Confidence Poland, and OWASP conferences, and is the author of many Web-based tools and sandboxes, including Hackvertor, JSReg, CSSReg, and HTMLReg.

David Lindsay is a senior security consultant with Cigital Inc., where he works with industry-leading financial, healthcare, and software companies helping to secure their critical applications. He provides professional assessments and remediation assistance in the form of penetration tests, architecture risk analysis, code review, and security training. He researches Web application security vulnerabilities focusing on emerging security issues related to new standards, frameworks, and architectures. He has spoken at many leading security events over the past few years, including the Microsoft BlueHat, BlackHat, and OWASP conferences.

David graduated from the University of Utah with a master's degree in mathematics.

Review:

"As the data stored in Web application systems becomes critical to business, the attacks against them are becoming increasingly complex. If you want to move your understanding beyond 'or 1=1--' this book provides the knowledge needed to bypass both filters and detection, crucial for both attack and defence." -- Andrew Waite, Security Researcher, InfoSanity Research

"Intended for advanced network security administrators, penetration testers and web application developers, this guide to web obfuscation presents an in depth technical discussion of the latest methods in site intrusion and Internet attacks. Chapters examine state of the art obfuscation attacks on major website components such as HTML, JavaScript and VBScript, CSS, PHP, SQL and web application firewalls. A final chapter discusses future problems such as the new HTML 5 standards and plug-in vulnerabilities. Chapters include numerous code examples in a variety of languages and formats. Heiderich is a web developer, Nava is a security researcher for Google, Heyes is a security contractor and Lindsay is a security consultant."--SciTechBookNews

"This is a very frightening book and I would advise any security architect to purchase a copy. It’s aimed at the bleeding edge of the technical security market, however, it really does hammer home how difficult security can become when faced with complex applications and protocols. The techniques used in the book are not trivial, but they do show us that the age of the firewall and the IDS may well be over, and the age of security by design has only just begun."--InfoSecReviews.com

"This is a deep technical read and anyone buying it should have a solid understanding of web technologies and some experience of web programming. I would say it is targeted at penetration testers and security architects, but to the security generalist it also opens up new frontiers when it comes to designing for security."--Best Hacking and Pen Testing Books in InfoSecReviews Book Awards

"About this title" may belong to another edition of this title.

Top Search Results from the AbeBooks Marketplace

1.

Heiderich, Mario
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Quantity Available: > 20
Seller:
Paperbackshop-US
(Wood Dale, IL, U.S.A.)
Rating
[?]

Book Description 2010. PAP. Condition: New. New Book. Shipped from US within 10 to 14 business days. Established seller since 2000. Seller Inventory # TE-9781597496049

More information about this seller | Contact this seller

Buy New
US$ 32.41
Convert currency

Add to Basket

Shipping: US$ 3.99
Within U.S.A.
Destination, rates & speeds

2.

Eduardo Alberto Vela Nava, Gareth Heyes, David Lindsay
Published by Syngress Media,U.S., United States (2011)
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Paperback Quantity Available: 10
Seller:
Book Depository hard to find
(London, United Kingdom)
Rating
[?]

Book Description Syngress Media,U.S., United States, 2011. Paperback. Condition: New. Language: English . This book usually ship within 10-15 business days and we will endeavor to dispatch orders quicker than this where possible. Brand New Book. Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker s perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses. Seller Inventory # EOD9781597496049

More information about this seller | Contact this seller

Buy New
US$ 41.70
Convert currency

Add to Basket

Shipping: FREE
From United Kingdom to U.S.A.
Destination, rates & speeds

3.

Mario Heiderich, Eduardo Alberto Vela Nava, Gareth Heyes, David Lindsay
Published by Syngress (2010)
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Paperback Quantity Available: 1
Seller:
Ergodebooks
(RICHMOND, TX, U.S.A.)
Rating
[?]

Book Description Syngress, 2010. Paperback. Condition: New. 1. Seller Inventory # DADAX1597496049

More information about this seller | Contact this seller

Buy New
US$ 48.46
Convert currency

Add to Basket

Shipping: US$ 3.99
Within U.S.A.
Destination, rates & speeds

4.

HEIDERICH, MARIO; VELA NAVA, EDUARDO ALBERTO; HEYES, GARETH; LINDSAY, DAVID
Published by Syngress (2011)
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Paperback Quantity Available: 1
Seller:
Herb Tandree Philosophy Books
(Stroud, GLOS, United Kingdom)
Rating
[?]

Book Description Syngress, 2011. Paperback. Condition: NEW. 9781597496049 This listing is a new book, a title currently in-print which we order directly and immediately from the publisher. For all enquiries, please contact Herb Tandree Philosophy Books directly - customer service is our primary goal. Seller Inventory # HTANDREE0900228

More information about this seller | Contact this seller

Buy New
US$ 47.23
Convert currency

Add to Basket

Shipping: US$ 10.48
From United Kingdom to U.S.A.
Destination, rates & speeds

5.

Mario Heiderich; Eduardo Alberto Vela Nava; Gareth Heyes; David Lindsay
Published by Syngress (2010)
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Softcover Quantity Available: 1
Seller:
Irish Booksellers
(Portland, ME, U.S.A.)
Rating
[?]

Book Description Syngress, 2010. Condition: New. book. Seller Inventory # M1597496049

More information about this seller | Contact this seller

Buy New
US$ 61.34
Convert currency

Add to Basket

Shipping: US$ 3.27
Within U.S.A.
Destination, rates & speeds

6.

Eduardo Alberto Vela Nava, Gareth Heyes, David Lindsay, Mario Heiderich
Published by Syngress Media,U.S. 2011-01-13 (2011)
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Paperback Quantity Available: 5
Seller:
Chiron Media
(Wallingford, United Kingdom)
Rating
[?]

Book Description Syngress Media,U.S. 2011-01-13, 2011. Paperback. Condition: New. Seller Inventory # NU-ELSPD-00013071

More information about this seller | Contact this seller

Buy New
US$ 38.35
Convert currency

Add to Basket

Shipping: US$ 39.30
From United Kingdom to U.S.A.
Destination, rates & speeds

7.

Heiderich, Mario, Vela Nava, Eduardo Alb
Published by Syngress (2010)
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Paperback Quantity Available: 2
Seller:
Murray Media
(NORTH MIAMI BEACH, FL, U.S.A.)
Rating
[?]

Book Description Syngress, 2010. Paperback. Condition: New. Never used!. Seller Inventory # P111597496049

More information about this seller | Contact this seller

Buy New
US$ 86.66
Convert currency

Add to Basket

Shipping: FREE
Within U.S.A.
Destination, rates & speeds

8.

Vela Nava, Eduardo Alberto/ Heyes, Gareth/ Lindsay, David/ Heiderich, Mario
Published by Syngress Media Inc (2010)
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Paperback Quantity Available: 1
Seller:
Revaluation Books
(Exeter, United Kingdom)
Rating
[?]

Book Description Syngress Media Inc, 2010. Paperback. Condition: Brand New. 1st edition. 282 pages. 9.20x7.40x1.00 inches. In Stock. Seller Inventory # zk1597496049

More information about this seller | Contact this seller

Buy New
US$ 80.00
Convert currency

Add to Basket

Shipping: US$ 9.83
From United Kingdom to U.S.A.
Destination, rates & speeds

9.

Mario Heiderich
Published by Syngress (2010)
ISBN 10: 1597496049 ISBN 13: 9781597496049
New Paperback Quantity Available: 1
Seller:
Books Express
(Portsmouth, NH, U.S.A.)
Rating
[?]

Book Description Syngress, 2010. Paperback. Condition: New. 1. Ships with Tracking Number! INTERNATIONAL WORLDWIDE Shipping available. Buy with confidence, excellent customer service!. Seller Inventory # 1597496049n

More information about this seller | Contact this seller

Buy New
US$ 163.73
Convert currency

Add to Basket

Shipping: FREE
Within U.S.A.
Destination, rates & speeds