Top 10 Web Hacking Techniques of 2013


Year after year, WhiteHat Security runs a contest to find the best web hacking techniques, giving participants the opportunity to publish their methods in blogs, papers, magazines and mailing lists, and even to present their techniques at conferences.


The competition to choose the best techniques is divided into two phases: the first is a vote open to the community, which produces a score or ranking for the participants. The selected entries then go on to be evaluated in the same way, only this time by a panel of experts in the field.


Here is the top 10 list:

  1. Mario Heiderich – Mutation XSS

  2. Angelo Prado, Neal Harris, Yoel Gluck – BREACH

  3. Pixel Perfect Timing Attacks with HTML5

  4. Lucky 13 Attack

  5. Weaknesses in RC4

  6. Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval

  7. Million Browser Botnet Video Briefing
    Slideshare

  8. Large Scale Detection of DOM based XSS

  9. Tor Hidden-Service Passive De-Cloaking

  10. HTML5 Hard Disk Filler™ API


Here is the list of entries selected for 2013:

  1. Tor Hidden-Service Passive De-Cloaking

  2. Top 3 Proxy Issues That No One Ever Told You

  3. Gravatar Email Enumeration in JavaScript

  4. Pixel Perfect Timing Attacks with HTML5

  5. Million Browser Botnet Video Briefing
    Slideshare

  6. Auto-Complete Hack by Hiding Filled in Input Fields with CSS

  7. Site Plagiarizes Blog Posts, Then Files DMCA Takedown on Originals

  8. The Case of the Unconventional CSRF Attack in Firefox

  9. Ruby on Rails Session Termination Design Flaw

  10. HTML5 Hard Disk Filler™ API

  11. Aaron Patterson – Serialized YAML Remote Code Execution

  12. Fireeye – Arbitrary reading and writing of the JVM process

  13. Timothy Morgan – What You Didn’t Know About XML External Entity Attacks

  14. Angelo Prado, Neal Harris, Yoel Gluck – BREACH

  15. James Bennett – Django DOS

  16. Phil Purviance – Don’t Use Linksys Routers

  17. Mario Heiderich – Mutation XSS

  18. Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval

  19. Carlos Munoz – Bypassing Internet Explorer’s Anti-XSS Filter

  20. Zach Cutlip – Remote Code Execution in Netgear routers

  21. Cody Collier – Exposing Verizon Wireless SMS History

  22. Compromising an unreachable Solr Server

  23. Finding Weak Rails Security Tokens

  24. Ashar Javad – Attack against Facebook’s password reset process

  25. Father/Daughter Team Finds Valuable Facebook Bug

  26. Hacker scans the internet

  27. Eradicating DNS Rebinding with the Extended Same-Origin Policy

  28. Large Scale Detection of DOM based XSS

  29. Struts 2 OGNL Double Evaluation RCE

  30. Lucky 13 Attack

  31. Weaknesses in RC4


And here are the 15 selected entries:

  1. Million Browser Botnet Video Briefing
    Slideshare

  2. Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval

  3. Hacker scans the internet

  4. HTML5 Hard Disk Filler™ API

  5. Eradicating DNS Rebinding with the Extended Same-Origin Policy

  6. Aaron Patterson – Serialized YAML Remote Code Execution

  7. Mario Heiderich – Mutation XSS

  8. Timothy Morgan – What You Didn’t Know About XML External Entity Attacks

  9. Tor Hidden-Service Passive De-Cloaking

  10. Auto-Complete Hack by Hiding Filled in Input Fields with CSS

  11. Pixel Perfect Timing Attacks with HTML5

  12. Large Scale Detection of DOM based XSS

  13. Angelo Prado, Neal Harris, Yoel Gluck – BREACH

  14. Weaknesses in RC4

  15. Lucky 13 Attack


Results from previous years: 2006 (65), 2007 (83), 2008 (70), 2009 (82), 2010 (69), 2011 (51) and 2012 (56).

Source: http://blog.whitehatsec.com/top-10-web-hacking-techniques-2013/

 
