Top Ten Web Hacks of 2012


Had a press release ping onto my screen saying that the number and creativity of Web hacks constantly increases, and the damage from these attacks rises exponentially, costing companies and consumers millions every year.

Keeping up with these attacks can be hard work for any computer security professional.
Accordingly, website security solutions specialist WhiteHat Security, with the help of an open community and a selected panel of industry experts, has compiled a list of the top ten latest web hacking techniques from 2012 to help highlight these new attacks.

And the winners are:

CRIME (1, 2, 3, 4).

Pwning via SSRF (memcached, php-fastcgi, etc.) (2, 3, 4, 5).

Chrome addon hacking (2, 3, 4, 5).

Bruteforce of PHPSESSID.

Blended Threats and JavaScript.

Cross-Site Port Attacks.

Permanent backdooring of HTML5 client-side application.

CAPTCHA Re-Riding Attack.

XSS: Gaining access to HttpOnly Cookie in 2012.

Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select).

Don't say you hadn't been warned.

Discuss this Blog Entry

on Apr 2, 2013

Great information - saying what the threats are, but why did you stop there? There is absolutely nothing explaining what each threat is / does. There is absolutely no information providing solutions for / against the threats. You have done less than half of your job, and you probably could have stopped at providing only a headline, as that would have been just as useless as your half-hearted effort, apparent with this article, and saved yourself three minutes of typing. Thanks for the lack-of-information.

on Apr 2, 2013

"...the damage from these attacks rises exponentially..."

Did they really mean that or was this just a figure of speech?

on Apr 2, 2013

Go to the source (not just a Matrix reference ;-)
https://blog.whitehatsec.com/top-ten-web-hacking-techniques-of-2012/

on Apr 3, 2013

Thank you EdKeating1, awesome reference. Also, thanks for the link =)

Paul Whytock

Paul Whytock is European Editor for Penton Media's Electronics Division. From his base in London, England, he covers press conferences and industry events throughout the EU for Penton...