'-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'

Web Application Obfuscation Web applications are used every day by millions of users which is why these are one of the most popular attack vectors for hackers. Obfuscation of malicious code has allowed attackers to take one attack and create hundreds if not millions of variants that can try to evade your security measures. Web Application Obfuscation takes a look at common security tools, IDSs, IPSs, and WAFs from an attacker's perspective, allowing the reader to understand the shortcomings of their security systems. Find out how an attacker would bypass different types of security, how these very security controls introduce new types of vulnerabilities, and how to avoid these and strength your defenses.

This site works as an extension of the book, and enlists a set of resources and tools for the reader of the book.

Errors?

If you find any vectors or techniques which are not working as described, please check if an update has been provided in the Errata section. If not, you can file a bug with us so we can make an update here.

Code!

To check the source mentioned in the book organized by chapter check source code.

Videos

To view a set of resources (videos, presentations, etc..) check the Multimedia section.