Como todos los años, WhiteHat Security (la empresa fundada en 2001 por Jeremiah Grossman) lleva a cabo un concurso con las mejores técnicas de hacking web del año.
Las votaciones a los nuevos y creativos métodos suelen ser en dos
fases: la primera abierta a la Comunidad y la segunda en la que un
(impresionante) jurado elige las mejores en base a los resultados de la
primera.
Ahora por fin, tenemos los ganadores de las mejores técnicas del 2013:
El Top 10
- Mario Heiderich – Mutation XSS
- Angelo Prado, Neal Harris, Yoel Gluck – BREACH
- Pixel Perfect Timing Attacks with HTML5
- Lucky 13 Attack
- Weaknesses in RC4
- Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval
- Million Browser Botnet Video Briefing Slideshare
- Large Scale Detection of DOM based XSS
- Tor Hidden-Service Passive De-Cloaking
- HTML5 Hard Disk Filler™ API
- Tor Hidden-Service Passive De-Cloaking
- Top 3 Proxy Issues That No One Ever Told You
- Gravatar Email Enumeration in JavaScript
- Pixel Perfect Timing Attacks with HTML5
- Million Browser Botnet Video Briefing Slideshare
- Auto-Complete Hack by Hiding Filled in Input Fields with CSS
- Site Plagiarizes Blog Posts, Then Files DMCA Takedown on Originals
- The Case of the Unconventional CSRF Attack in Firefox
- Ruby on Rails Session Termination Design Flaw
- HTML5 Hard Disk Filler™ API
- Aaron Patterson – Serialized YAML Remote Code Execution
- Fireeye – Arbitrary reading and writing of the JVM process
- Timothy Morgan – What You Didn’t Know About XML External Entity Attacks
- Angelo Prado, Neal Harris, Yoel Gluck – BREACH
- James Bennett – Django DOS
- Phil Purviance – Don’t Use Linksys Routers
- Mario Heiderich – Mutation XSS
- Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval
- Carlos Munoz – Bypassing Internet Explorer’s Anti-XSS Filter
- Zach Cutlip – Remote Code Execution in Netgear routers
- Cody Collier – Exposing Verizon Wireless SMS History
- Compromising an unreachable Solr Serve
- Finding Weak Rails Security Tokens
- Ashar Javad Attack against Facebook’s password reset process.
- Father/Daughter Team Finds Valuable Facebook Bug
- Hacker scans the internet
- Eradicating DNS Rebinding with the Extended Same-Origin Policy
- Large Scale Detection of DOM based XSS
- Struts 2 OGNL Double Evaluation RCE
- Lucky 13 Attack
- Weaknesses in RC4
Más información de las votaciones de 2013: http://blog.whitehatsec.com/top-10-web-hacking-techniques-2013/
0 comentarios:
Publicar un comentario