This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Web-based Malware obfuscation: the kung-fu and the detection

Jump to: navigation, search

Web-based Malware obfuscation: the kung-fu and the detection, Wayne Huang (CEO, Armorize) (50 min)

Web-based malware, specifically, drive-by-downloads, have been rapidly evolving. Web-based malware are written mostly in script languages, whose dynamic features make it easy for obfuscation and therefore difficult for static detection. Recently, many new obfuscation methods have been observed, some of which actually took malware obfuscation to the next era--they were malware steganography methods instead of obfuscation. This talk discusses what Web-based malware are, what threats they bring, why they are difficult to detect, and discuss free resources within OWASP and also free ones outside of OWASP, that can help us flight this threat.