[Security] Top 10 Web Hacking Techniques of 2011

Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we’re talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work.
1. BEAST (by: Thai Duong and Juliano Rizzo)
2. Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java (by: Johannes Dahse)
3. DNS poisoning via Port Exhaustion (by: Roee Hay and Yair Amit)
4. DOMinator – Finding DOMXSS with dynamic taint propagation (by: Stefano Di Paola)
5. Abusing Flash-Proxies for client-side cross-domain HTTP requests (by: Martin Johns and Sebastian Lekies)
6. Expression Language Injection (by: Stefano Di Paola and Arshan Dabirsiaghi)
7. Java Applet Same-Origin Policy Bypass via HTTP Redirect (by: Neal Poole)
8. CAPTCHA Hax With TesserCap (by: Gursev Kalra)
9. Bypassing Chrome’s Anti-XSS filter (by: Nick Nikiforakis)
10. CSRF: Flash + 307 redirect = Game Over (by: Phillip Purviance)

[ Via ]


Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

[Security] Internet blackout scheduled in protest of SOPA