Elsevier Web Application Obfuscation 296pages software manual

'-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'

By
Mario Heiderich
Eduardo Alberto Vela Nava, Application Security Specialist, Information Security Researcher, Google, Inc.
Gareth Heyes
David Lindsay, Senior Security Consultant, Cigital, Inc.

Description
Web applications are used every day by millions of users, which is why they are one of the most popular vectors for attackers. Obfuscation of code has allowed hackers to take one attack and create hundreds-if not millions-of variants that can evade your security measures. Web Application Obfuscation takes a look at common Web infrastructure and security controls from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security controls, how these very security controls introduce new types of vulnerabilities, and how to avoid common pitfalls in order to strengthen your defenses.

Audience:
Penetration testers, security consultants; IDS Developers; Security Tool Developers; WAF Implementers and Maintainers; Web Developers; and Sys/Net Admins