Top 10 Web Hacking Techniques For 2015

The most influential research on vulnerabilities and exploits, as voted on by the security community.
Web Timing Attacks Made Practical
Evading All* WAF XSS Filters
Abusing CDN’s with SSRF Flash and DNS
Exploiting XXE in File Parsing Functionality
Abusing XSLT for Practical Attacks
Magic Hashes
Hunting Asynchronous Vulnerabilities

Now in its tenth year running, the Top 10 List of Web Hacking Techniques for 2015 gave the security community the chance to vote on the most influential research on vulnerabilities, exploits and hacking techniques across all of last year. Coordinated by WhiteHat Security, the list is voted on by the security community at large, based on a range of talks, research papers and high-impact vulnerability announcements.

“Every year, the security community produces a stunning number of new techniques that are published in various white papers, blog posts, articles and conference presentations,” said Johnathan Kuskos, manager of WhiteHat's research team. “Within these thousands of pages are the newest, most creative ways to attack websites, browsers and their mobile equivalents. We created the Top 10 Web Hacks as a way to encourage information sharing within the InfoSec community, help IT professionals stay up-to-date with the recommended fixes and recognize the researchers who contribute excellent work in uncovering vulnerabilities.”
