de-obfuscating javascript

I really appreciate “how-to” sorts of posts as they can give people like myself actual insight in how to do things as opposed to the multitude of posts that teach me how to talk like I know how to do things (without actually doing things). Ack!

So this post at SANS is a welcome piece of information about de-obfuscating Javascript. It includes links to other techniques, analyzes how some current techniques are being defeated, and also includes a nice tool at the bottom.

If I were actually more into web application security, I’d totally be eating this up. But that’s not really a place I can focus much time right now. Maybe some other year. Until then, I love the hands-on posts. By the way, if you are interesting in webappsec and have a chance to move into that sphere, it’s quite the lucrative market right now.

Posted in web