What Are the Top 10 Web Hacking Techniques in 2010?


Every year the Web security community produces a stunning number of new hacking techniques, published in white papers, blogs, magazine articles, mailing lists, wikis, and many other places. Within those thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about brand new and creative methods of Web-based attack.
This is the list of the Top Ten Web Hacking Techniques in 2010:

1)      'Padding Oracle' Crypto Attack

2)      Evercookie

3)      Hacking Auto-Complete

4)      Attacking HTTPS with Cache Injection

5)      Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution

6)      Universal XSS in IE8

7)      HTTP POST DoS

8)      JavaSnoop

9)      CSS History Hack in Firefox Without JavaScript for Intranet PortScanning

10)   Java Applet DNS Rebinding

BTW, the number 1 attack isn't related to Oracle, the database or the company.

Now you have the Top Ten list, drawn from 69 new techniques 'created' in 2010 alone. In the next post I'll try to summarize some of them.



