Front Cover
Web Application Obfuscation: ‘-/WAFs..Evasion..Filters//alert(/Obfuscation/)-’
Copyright
Contents
Acknowledgments
About the Authors
About the Technical Editor
Chapter 1: Introduction
Audience
Filtering basics
Regular expressions
Book organization
Updates
Summary
Chapter 2: HTML
History and overview
Basic markup obfuscation
Advanced markup obfuscation
URIs
Beyond HTML
Summary
Endnotes
Chapter 3: JavaScript and VBScript
Syntax
Encodings
JavaScript Variables
VBScript
JScript
E4X
Summary
Endnotes
Chapter 4: Nonalphanumeric JavaScript
Nonalphanumeric JavaScript
Use Cases
Summary
Endnotes
Chapter 5: CSS
Syntax
Algorithms
Attacks
Summary
Chapter 6: PHP
History and Overview
Obfuscation in PHP
Summary
Endnotes
Chapter 7: SQL
SQL: A Short Introduction
Summary
Endnotes
Chapter 8: Web application firewalls and client-side filters
Bypassing WAFs
Client-Side Filters
Summary
Endnotes
Chapter 9: Mitigating bypasses and attacks
Protecting Against Code Injections
Protecting The DOM
Summary
Chapter 10: Future developments
Impact On Current Applications
HTML5
Other Extensions
Plug-Ins
Summary
Index