This document summarizes the top ten web hacking techniques of 2013 as identified by WhiteHat Security. It provides brief descriptions of each technique, including Mutation XSS, BREACH, Pixel Perfect Timing Attacks with HTML5, Lucky 13, weaknesses in the RC4 encryption algorithm, XML Out of Band Data Retrieval, creating a million browser botnet, large-scale detection of DOM-based XSS, Tor Hidden Service passive decloaking, and HTML5 hard disk filler attacks. The document also provides background on the individuals and organization presenting this information.
Top 10 Web Hacks 2013
1. TOP TEN WEB HACKING TECHNIQUES OF 2013
JOHNATHAN KUSKOS
Threat Research Center, Supervisor
Twitter: @JohnathanKuskos
Email: johnathan.kuskos@whitehatsec.com
MATT JOHANSEN
Threat Research Center, Manager
Twitter: @mattjay
Email: matt@whitehatsec.com
81. Thank you to…
• All Web security researchers
• Panel of Judges: Peleus Uhley, Jeff Williams, Dan Kaminsky, Romain Gaucher, Saumil Shah, Giorgio Maone, Troy Hunt, Ivan Ristic
• Everyone in the Web security community who assisted with voting
Editor's notes
matt
Here you can see that when we supply some text within s tags the browser actually converts that to uppercase S tags. That makes sense because in HTML4 it was the standard that element names were uppercase. Nothing wrong here, moving on.