Friday, April 01, 2011

Review of Web Application Obfuscation

I just published my four-star review of Web Application Obfuscation by Mario Heiderich, Eduardo Alberto Vela Nava, Gareth Heyes, and David Lindsay. From the review:

I really had no idea what to expect when I started reading Web Application Obfuscation (WAO). I hoped it would address attacks on Web technologies, perhaps including evasion methods, but beyond that I didn't even really know how to think about whatever problem this book might address. After finishing WAO, it's only appropriate to say "wow." In short, I had no idea that Web browsers (often called "user agents" in WAO) are so universally broken. Web browser developers would probably reply that they're just trying to handle as much broken HTML as possible, but the WAO authors show this approach makes Web "security" basically impossible. I recommend reading WAO to learn just how crazy one can be when interacting with Web apps.

1 comment:

CG said...

I'm impressed you got through it. I gave up on it as it was "interesting" but not very actionable. I'll have to go check out Chapter 4 again though.