Top ten web hacking techniques of 2010
Created by Jeremiah Grossman. This will work until the cache is cleared. Nearly half of the top 1 million Web sites use external JavaScript libraries. Using these, attackers can reset the victim's passwords and gain access to their accounts.

Created by Lavakumar Kuppan. Universal XSS in IE8 -- Internet Explorer 8 has cross-site scripting protections that this exploit can circumvent, allowing Web pages to be rendered improperly in a potentially malicious manner.

When many of these are sent simultaneously, the servers are overwhelmed. JavaSnoop -- A Java agent attached to the target machine communicates with the JavaSnoop tool to test applications on the machine for security weaknesses. The Top Ten Web Hacking Techniques list acts as a centralized knowledge base, a way to recognize researchers who contribute excellent work, and a digestible way for the community to keep up with the latest trends -- a look forward.

After the presentation I got the opportunity to meet many new people and learn more about the things in Web security that most interest them. Lots of chatter about where OWASP as an organization should be heading, conversations about the latest hacks in the news, what various Web security vendors are up to, and of course, several personal appsec projects.

If you are in the San Diego area and interested in the subject matter, you should really consider attending. Since the inception of the Top Ten Web Hacking Techniques list, the diversity, volume, and innovation of security research has always been impressive. This year's point-position voting system worked well, and the results showed exceptionally strong competition throughout all the entries. In fact, only two entries did not gain any points.

Today the polls are closed, the votes are in, and the official Top Ten Web Hacking Techniques list has been finalized! For any researcher, simply the act of creating something unique enough to appear on the complete list is itself an achievement.

To make it on to the top ten, though, is another matter entirely. Oral Presentation. Hacking The World With Flash.

Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about brand new and creative methods of Web-based attack.

When the user clicks on something they visually see, they're instead really clicking on something the attacker wanted them to. HTTP Parameter Pollution is where an attacker submits multiple input parameters (query string, post data, cookies, etc.) with the same name.

Upon receipt, applications may react in unexpected ways and open up avenues of server-side and client-side exploitation. By cleverly leveraging these two former Top Ten attacks, CSRF attacks can be carried out against a user even when recommended token defenses are in use. Clickjacking (Top Ten): Think of any button (image, link, form, etc.). Next consider that an attacker can invisibly hover these buttons below the user's mouse, so that when a user clicks on something they visually see, they're actually clicking on something the attacker wants them to.
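The HTTP Parameter Pollution description above hinges on one ambiguity: when a name appears twice, different servers keep the first value, the last value, or both. The following added example (not code from the original post or from any of the listed entries) parses a constructed query string all three ways and then shows the defensive check a server can apply, rejecting any request that supplies a parameter name more than once; the function names and the sample query are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl


def parse_params(raw_query):
    """Parse a query string, keeping every occurrence of each name in order."""
    params = {}
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        params.setdefault(name, []).append(value)
    return params


# Three interpretations real back ends apply to a duplicated name; the
# front-end filter and the back end may disagree, which is what HPP abuses.
def first_wins(params):
    return {name: values[0] for name, values in params.items()}


def last_wins(params):
    return {name: values[-1] for name, values in params.items()}


def joined(params):
    return {name: ",".join(values) for name, values in params.items()}


def polluted_names(params):
    """Names supplied more than once: the signal a defender should log or reject."""
    return sorted(name for name, values in params.items() if len(values) > 1)


def validate_request(raw_query, allowed):
    """Reject duplicated or unexpected names; return a clean single-valued dict."""
    params = parse_params(raw_query)
    dupes = polluted_names(params)
    if dupes:
        raise ValueError("duplicate parameter(s): %s" % dupes)
    unknown = sorted(set(params) - set(allowed))
    if unknown:
        raise ValueError("unexpected parameter(s): %s" % unknown)
    return {name: values[0] for name, values in params.items()}


# Constructed sample: a legitimate 'action' followed by an injected duplicate.
SAMPLE_QUERY = "action=view&id=42&action=delete"
ALLOWED_NAMES = ("action", "id")
```

Running `validate_request(SAMPLE_QUERY, ALLOWED_NAMES)` raises on the duplicated `action`, while the three interpretation helpers show why a filter that reads the first value can approve a request the back end executes with the last one.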

What could the bad guy do with that ability?