Wednesday, February 25, 2009

Top Ten Web Hacking Techniques of 2008!

The Top Ten Web Hacking Techniques of 2008, from Jeremiah Grossman:

1. GIFAR
  • (Billy Rios, Nathan McFeters, Rob Carter, and John Heasman)

2. Breaking Google Gears' Cross-Origin Communication Model
  • (Yair Amit)

3. Safari Carpet Bomb
  • (Nitesh Dhanjani)

4. Clickjacking / Videojacking
  • (Jeremiah Grossman and Robert Hansen)

5. A Different Opera
  • (Stefano Di Paola)

6. Abusing HTML 5 Structured Client-side Storage
  • (Alberto Trivero)

7. Cross-domain leaks of site logins via Authenticated CSS
  • (Chris Evans and Michal Zalewski)

8. Tunneling TCP over HTTP over SQL Injection
  • (Glenn Wilkinson, Marco Slaviero and Haroon Meer)

9. ActiveX Repurposing
  • (Haroon Meer)

10. Flash Parameter Injection
  • (Yuval Baror, Ayal Yogev, and Adi Sharabani)