Heidi is a hacker who is trying to avoid detection by using various encoding techniques. What type of web application threat is she using?

The correct answer is obfuscation application, which refers to techniques used to obscure or confuse the intended meaning of data or code. In the context of web application threats, hackers like Heidi employ obfuscation to hide malicious activities and evade detection mechanisms. By encoding scripts, messages, or pathways in ways that are not easily readable, they can bypass security filters and make it more challenging for defenders to understand their intentions or detect their actions.

Obfuscation can involve various methods such as changing variable names, encoding payloads, or using complex algorithms to disguise the actual operation of a script. This creates layers of complexity that help hackers avoid analysis or scrutiny.

In contrast, cookie snooping involves the unauthorized access or theft of web cookies, which are used to store user sessions and data associated with web browsing. Directory traversal is a vulnerability that allows attackers to access restricted directories and files in a web server, while DMZ protocol attacks focus on exploiting vulnerabilities in a demilitarized zone network. These options do not align with the specific practice of using encoding techniques to avoid detection, reinforcing why obfuscation application is the most relevant answer in this scenario.