Table of Contents
1 Introduction
2 Unicode Background
2.1 Brief History of Character Encodings
2.2 Brief Introduction to Unicode
2.2.1 Code Points
2.3 Character Encoding
2.4 Character Escape Sequences and Entity References
2.5 Focus Points for Security Testing
3 Visual Spoofing
3.1 Problem Backgrounder
3.2 State of modern software
3.2.1 Web Browsers
3.2.2 Email Clients
3.2.3 Web-applications
3.2.4 Other
3.3 Standards and Guidance
3.4 Visual Spoofing Attacks
3.4.1 Lookalikes and Counterfeits
3.5 Defenses and Solutions
4 Character and String Transformation Vulnerability
4.1 Round-trip conversions: a common pattern
4.2 Best-Fit Mappings
4.2.1 Guidance and Tooling
4.2.2 Tools
4.3 Charset transcoding and character mappings
4.3.1 Guidance and Tooling
4.3.2 Tools
4.4 Normalization
4.4.1 Guidance and Tooling
4.4.2 Tools