Phase 3: Panel of Security Experts Voting

From the result of the open community voting, the final 15 Web Hacking Techniques will be ranked based on votes by a panel of security experts. At the end, all points from all ballots will be tabulated to ascertain the top 15 overall. For example, an entry in position #1 will be given 15 points, position #2 will get 14 points, position #3 gets 13 points, and so on down to 1 point. Each attack technique (listed alphabetically) receives points depending on how high the entry is ranked in each ballot.

Phase 2: Open community voting for the final 15

Each verified attack technique will be added to a survey which will be linked below on Feb 1st. The survey will remain open until Feb 8th. The submissions will be reviewed and verified.

Phase 1: Open community submissions

Comment on this post or email us at top10Webhackswhitehatseccom with your submissions from now until Feb 1st.

We rely 100% on nominations, either your own or another researcher's, for an entry to make this list! The vulnerabilities and hacks that make this list are chosen by the collective insight of the infosec community. Now in its tenth year, the Top 10 Web Hacking Techniques list encourages information sharing, provides a centralized knowledge base, and recognizes researchers who contribute excellent research. Beyond individual vulnerabilities with CVE numbers or system compromises, we are solely focused on new and creative methods of Web-based attack.
Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. We do this through a nifty yearly process known as The Top 10 Web Hacking Techniques list. With 2015 coming to a close, the time has come for us to pay homage to top tier security researchers from the past year and properly acknowledge all of the hard work that has been given back to the Infosec community.

You can also attend the Top Ten Web Hacks of 2015 webinar.

Agree with the list? Disagree? Share your comments below. Also, for anyone that would be interested in learning more about this list, Johnathan Kuskos will be presenting the list at AppSec Europe on June 1st.
And a special thanks to everyone that voted or shared feedback.

Congratulations to all those that made the list! Your research contributions are admired and should be respected.

This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Further disclosure was coordinated by Matthew Green. The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team.

Exploiting XXE in File Parsing Functionality

Congratulations to the team that discovered FREAK!

FREAK (Factoring Attack on RSA-Export Keys)
UPDATE – We have our Top 10 list, folks! After a lot of coordination, research, voting by the community and judging by our esteemed panelists, we are pleased to announce our Top 10 List of Web Hacking Techniques for 2015: