Grossman’s Top 10 Web App Vulnerabilities of 2010

Jeremiah Grossman (WhiteHat Security co-founder) recently ran a public poll to determine the top web hacking techniques of 2010. The public vote narrowed the field to the top 15, after which Jeremiah relied on a panel of 10 industry experts to select the final top 10.

Some highlights:

1) ‘Padding Oracle’ Crypto Attack (poet, Padbuster, demo, ASP.NET)
Juliano Rizzo (@julianor), Thai Duong (@thaidn)

2) Evercookie
Samy Kamkar (@samykamkar)

3) Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer)
Jeremiah Grossman (@jeremiahg)

4) Attacking HTTPS with Cache Injection (Bad Memories)
Elie Bursztein (@ELIE), Baptiste Gourdin (@bapt1ste), Dan Boneh

5) Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
Lavakumar Kuppan (@lavakumark)

6) Universal XSS in IE8 (CVE, White Paper)
Eduardo Vela (@sirdarckcat), David Lindsay (@thornmaker)

7) HTTP POST DoS
Wong Onn Chee, Tom Brennan (@brennantom)

8) JavaSnoop
Arshan Dabirsiaghi (@nahsra)

9) CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
Robert “RSnake” Hansen (@rsnake)

10) Java Applet DNS Rebinding
Stefano Di Paola (@WisecWisec)
