Encoding vs obfuscation

kpra Posts: 11 Member
Can anyone lemme know the clear difference between obfuscation and encoding?
Thanks.

Comments

  • Webmaster Posts: 10,292 Admin
    Encoding is typically a reversible process, in other words, given the encryption method and possible keys it can be decoded back into its original format.

    Obfuscation can be considered a type of encoding used to make it harder to read (or reverse engineer) source code. It achieves this by replacing strings and object/function/method names (for example), and other text that gives insight into what the code does, with other values that are hard to read and interpret. The code itself doesn't really change. For example, the source code for a certain program could include a variable called "thePassword", which a malicious individual could read from memory using several tools. After obfuscation the same variable might be called "asieowlgahb", making it hard to guess and far less obvious what the variable stores. Obfuscation makes source code harder to interpret for "humans" in particular. While running the eventual obfuscated and compiled program, the code is not "de-obfuscated" or anything, because for the computer it doesn't matter whether the password var is called "thePassword" or "asieowlgahb".
  • cryptmod Posts: 8 Member
    The word encoding is used to put obfuscate into context; it's used to obscure something. So for instance I might want to "obfuscate" this XSS attack by "encoding" the attack vector using URL encoding.

    XSS attack gets obfuscated using URL encoding.
    <script> becomes %3c%73%63%72%69%70%74%3e
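
Added example, not part of any post in this thread: the URL encoding shown above is fully reversible, so an input filter should decode a value to its canonical form before inspecting it. The function names, the round limit and the substring check are assumptions made for illustration.

```python
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumed bound: input still changing after this many decodes is rejected


def percent_encode_all(text: str) -> str:
    """Percent-encode every byte, the same transformation as the post's example."""
    return "".join(f"%{b:02x}" for b in text.encode("utf-8"))


def canonicalize(value: str) -> str:
    """Decode repeatedly until the value stops changing, so nested encoding is undone."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers, rejecting input")


def contains_script_tag(raw: str) -> bool:
    """Illustrative check only: look for the tag in the canonical form, not the raw bytes."""
    return "<script" in canonicalize(raw).lower()


if __name__ == "__main__":
    encoded = percent_encode_all("<script>")      # constructed sample input
    print(encoded)                                # the encoded form from the post
    print(canonicalize(encoded))                  # the original text, recovered without any key
    print("<script" in encoded)                   # a check on the raw value misses it
    print(contains_script_tag(encoded))           # the same check after decoding finds it
    print(contains_script_tag(percent_encode_all(encoded)))  # double-encoded input
```

No key or secret is involved at any point, which is why encoding by itself hides nothing from a filter that decodes first.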
  • kpra Posts: 11 Member
    Thanks !
  • kpra Posts: 11 Member
    Can you pls let me know the difference between the Wireshark and Ethereal tools?
    Thanks
  • cryptmod Posts: 8 Member
    Same thing! Wireshark used to be known as Ethereal a few years ago.
  • kpra Posts: 11 Member
    Thank you.
    I am looking for Fortify SCA tutorials. But it looks like they have Fortify 360 and Fortify on Demand. What is the difference between these two?
    Is HP Web Inspect renamed to either of the above, or are both different? It's so much confusion :)
    can anyone help me with this?
    Thanks.