What Are the Top 10 Web Hacking Techniques of 2010?


Every year the Web security community produces a stunning number of new hacking techniques, published in white papers, blogs, magazine articles, mailing lists, wikis, and many other places. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we’re talking about brand new and creative methods of Web-based attacks.
(source: BlueHat V11)

This is the list of the Top Ten Web Hacking Techniques of 2010:

1) ‘Padding Oracle’ Crypto Attack

2) Evercookie

3) Hacking Auto-Complete

4) Attacking HTTPS with Cache Injection

5) Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution

6) Universal XSS in IE8

7) HTTP POST DoS

8) JavaSnoop

9) CSS History Hack in Firefox Without JavaScript for Intranet PortScanning

10) Java Applet DNS Rebinding

BTW, the number 1 attack isn’t related to ORACLE, the database or company.

Now you have the Top Ten list, picked from the 69 new techniques ‘created’ in 2010 alone. In the next post I’ll try to summarize some of them.

Do you wanna know more about this subject?

See this TechNet blog:



