Encoding vs obfuscation

Can anyone lemme know the clear difference between Obfuscation and Encoding.
Thanks.

Find more posts tagged with

Comments

Encoding is typically a reversible process, i.o.w. given the encryption method and possible keys it can be decoded back into its original format.

Obfuscation can be considered a type of encoding used to make it harder to read (or reverse engineer) source code. It achieves this by replacing strings and object/function/method names (for example) and other text that gives insight into what the code does, with other values that are hard to read and interpret. The code itself doesn't really change, for example, the source code for a certain program could include a variable called "thePassword", which an malicious individual could read from memory using several tools. After obfuscation the same variable might be called "asieowlgahb" making it hard to guess and far less obvious what the variable stores. Obfuscation makes source code harder to interpret for "humans" in particular. While running the eventual obfuscated and compiled program the code is not "de-obfuscated" or anything because for the computer it doesn't matter whether the password var is called "thePassword" or "asieowlgahb".

cryptmod

The word encoding is used to put obfuscate into context, it’s used to obscure something, so for instance I might want to “obfuscate” an this XXS attack by “encoding” the attack vector using url encode.

XXS attack gets obfuscated using url encoding.
<script> becomes %3c%73%63%72%69%70%74%3e

kpra

Thanks !

kpra

Can you pls let me know the difference between wireshark and ethereal tool??
Thanks

cryptmod

Same thing! Wireshark used to be known as Ethereal a few years ago.

kpra

Thank you.
I am looking for Fortify SCA tutorials.But looks likt they have Fortify 360 and Fortify on Demand wat is the difference between these two?
Is HP Web Inspect renamed to either of above or both are different.Its so much of confusion

can anyone help me with this?
Thanks.