1. GIFAR
- (Billy Rios, Nathan McFeters, Rob Carter, and John Heasman)
2. Breaking Google Gears' Cross-Origin Communication Model
- (Yair Amit)
3. Safari Carpet Bomb
- (Nitesh Dhanjani)
4. Clickjacking / Videojacking
- (Jeremiah Grossman and Robert Hansen)
5. A Different Opera
- (Stefano Di Paola)
6. Abusing HTML 5 Structured Client-side Storage
- (Alberto Trivero)
7. Cross-domain leaks of site logins via Authenticated CSS
- (Chris Evans and Michal Zalewski)
8. Tunneling TCP over HTTP over SQL Injection
- (Glenn Wilkinson, Marco Slaviero and Haroon Meer)
9. ActiveX Repurposing
- (Haroon Meer)
10. Flash Parameter Injection
- (Yuval Baror, Ayal Yogev, and Adi Sharabani)