Abstract

Many of the security measures used to protect Web applications are frequently inadequate. Obfuscation techniques can be used to hide malicious Web attacks. These techniques are starting to be actively used in Web attacks, and people will be better able to defend against them if they have knowledge of the issue. This chapter introduces Web application obfuscation and highlights who will benefit from reading the book. The chapter provides a high-level explanation of how filtering works, followed by a brief introduction to regular expressions. Various topics such as obfuscation and attack techniques related to HTML, JavaScript, VBScript, CSS, PHP, and SQL are introduced. The process by which attackers are able to bypass security measures such as input filters, output encoding routines, Web application firewalls (WAFs), Web-based intrusion detection and prevention systems, and so forth is introduced. Security techniques and general principles that can be used to build more secure applications that are immune to such techniques are elaborated. By learning the obfuscation and attack techniques discussed, the user will be able to better assess the security of applications, identify insufficient security protections, and build stronger security controls. Users are encouraged to try out the various techniques so that they learn the ideas much more thoroughly and have a better understanding and appreciation for the deep field of Web application security.
