GWT提供了高层次的混淆,从而可以将这个问题降低到一定程度,但是仍然存在次要攻击点:GWT客户机及其服务之间的HTTP通信量。
GWT provides a high level of obfuscation that mitigates the problem to a degree, but a secondary point of attack remains: any HTTP traffic that travels between your GWT client and its services.
攻击CFG生成进程也可以是通过混淆汇编代码以致它不能够正确地确定跳转指令的目标,比如使用寄存器指示跳转目标。
The CFG generation process can also be attacked by obfuscating the assembly code such that one cannot determine the correct target of a jump instruction, such as using a jump through register.
只要能使攻击者的攻击付出较高的代价,则可以认为混淆技术达到了安全保护的作用。
As long as the attacker is forced to pay a higher price, the code obfuscation technology can be considered reaching the effect of security protection.
应用推荐