https://community.isc2.org/t5/Tech-Talk/Top-10-web-hacking-techniques-of-2019/m-p/34353#M2507 <P>The results are in!&nbsp;After 51 nominations whittled down to 15 finalists by a community vote, an expert panel consisting have conferred, voted, and selected the <A href="https://portswigger.net/research/top-10-web-hacking-techniques-of-2019" target="_blank" rel="noopener">PortSwigger Research Top 10</A> new web hacking techniques of 2019:</P><P>&nbsp;</P><P>10. Exploiting Null Byte Buffer Overflow for a $40,000 bounty<BR />9. Microsoft Edge (Chromium) - EoP to Potential RCE<BR />8. Infiltrating Corporate Intranet Like NSA: Pre-Auth RCE On Leading SSL VPNs<BR />7. Exploring CI Services as a Bug Bounty Hunter<BR />6. All is XSS that comes to the .NET<BR />5. Google Search XSS<BR />4. Abusing Meta Programming for Unauthenticated RCE<BR />3. Owning The Clout Through Server Side Request Forgery<BR />2. Cross-Site Leaks<BR />1. Cached and Confused: Web Cache Deception in the Wild</P><P>&nbsp;</P><P>You can also find past year's top 10 lists here:</P><P><A href="https://portswigger.net/research/top-10-web-hacking-techniques-of-2018" target="_blank">2018</A>,<SPAN>&nbsp;</SPAN><A href="https://portswigger.net/research/top-10-web-hacking-techniques-of-2017" target="_blank">2017</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/top-10-web-hacking-techniques-of-2015/" rel="nofollow" target="_blank">2015</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/top-10-web-hacking-techniques-of-2014/" rel="nofollow" target="_blank">2014</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/top-10-web-hacking-techniques-2013" rel="nofollow" target="_blank">2013</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/top-ten-web-hacking-techniques-of-2012/" rel="nofollow" target="_blank">2012</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/vote-now-top-ten-web-hacking-techniques-of-2011/" rel="nofollow" target="_blank">2011</A>,<SPAN>&nbsp;</SPAN><A href="http://jeremiahgrossman.blogspot.com/2011/01/top-ten-web-hacking-techniques-of-2010.html" target="_blank">2010</A>,<SPAN>&nbsp;</SPAN><A href="http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html" target="_blank">2009</A>,<SPAN>&nbsp;</SPAN><A href="http://jeremiahgrossman.blogspot.com/2009/02/top-ten-web-hacking-techniques-of-2008.html" target="_blank">2008</A>,<SPAN>&nbsp;</SPAN><A href="http://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html" target="_blank">2007</A>,&nbsp;<A href="http://jeremiahgrossman.blogspot.com/2006/12/top-10-web-hacks-of-2006.html" target="_blank">2006</A>.</P> Mon, 09 Oct 2023 09:29:05 GMT AppDefects 2023-10-09T09:29:05Z https://community.isc2.org/t5/Tech-Talk/Top-10-web-hacking-techniques-of-2019/m-p/34353#M2507 <P>The results are in!&nbsp;After 51 nominations whittled down to 15 finalists by a community vote, an expert panel consisting have conferred, voted, and selected the <A href="https://portswigger.net/research/top-10-web-hacking-techniques-of-2019" target="_blank" rel="noopener">PortSwigger Research Top 10</A> new web hacking techniques of 2019:</P><P>&nbsp;</P><P>10. Exploiting Null Byte Buffer Overflow for a $40,000 bounty<BR />9. Microsoft Edge (Chromium) - EoP to Potential RCE<BR />8. Infiltrating Corporate Intranet Like NSA: Pre-Auth RCE On Leading SSL VPNs<BR />7. Exploring CI Services as a Bug Bounty Hunter<BR />6. All is XSS that comes to the .NET<BR />5. Google Search XSS<BR />4. Abusing Meta Programming for Unauthenticated RCE<BR />3. Owning The Clout Through Server Side Request Forgery<BR />2. Cross-Site Leaks<BR />1. Cached and Confused: Web Cache Deception in the Wild</P><P>&nbsp;</P><P>You can also find past year's top 10 lists here:</P><P><A href="https://portswigger.net/research/top-10-web-hacking-techniques-of-2018" target="_blank">2018</A>,<SPAN>&nbsp;</SPAN><A href="https://portswigger.net/research/top-10-web-hacking-techniques-of-2017" target="_blank">2017</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/top-10-web-hacking-techniques-of-2015/" rel="nofollow" target="_blank">2015</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/top-10-web-hacking-techniques-of-2014/" rel="nofollow" target="_blank">2014</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/top-10-web-hacking-techniques-2013" rel="nofollow" target="_blank">2013</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/top-ten-web-hacking-techniques-of-2012/" rel="nofollow" target="_blank">2012</A>,<SPAN>&nbsp;</SPAN><A href="https://www.whitehatsec.com/blog/vote-now-top-ten-web-hacking-techniques-of-2011/" rel="nofollow" target="_blank">2011</A>,<SPAN>&nbsp;</SPAN><A href="http://jeremiahgrossman.blogspot.com/2011/01/top-ten-web-hacking-techniques-of-2010.html" target="_blank">2010</A>,<SPAN>&nbsp;</SPAN><A href="http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html" target="_blank">2009</A>,<SPAN>&nbsp;</SPAN><A href="http://jeremiahgrossman.blogspot.com/2009/02/top-ten-web-hacking-techniques-of-2008.html" target="_blank">2008</A>,<SPAN>&nbsp;</SPAN><A href="http://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html" target="_blank">2007</A>,&nbsp;<A href="http://jeremiahgrossman.blogspot.com/2006/12/top-10-web-hacks-of-2006.html" target="_blank">2006</A>.</P> Mon, 09 Oct 2023 09:29:05 GMT https://community.isc2.org/t5/Tech-Talk/Top-10-web-hacking-techniques-of-2019/m-p/34353#M2507 AppDefects 2023-10-09T09:29:05Z