Had a press release ping onto my screen saying that the number and creativity of Web hacks constantly increases, and the damage from these attacks rises exponentially, costing companies and consumers millions every year.
Keeping up with these attacks can be hard work for any computer security professional.
Accordingly, website security solutions specialist WhiteHat Security, with the help of an open community and a selected panel of industry experts, has compiled a list of the top ten latest web hacking techniques from 2012 to help highlight these new attacks.
And the winners are:
CRIME.
Pwning via SSRF (memcached, php-fastcgi, etc.).
Chrome addon hacking.
Bruteforce of PHPSESSID.
Blended Threats and JavaScript.
Cross-Site Port Attacks.
Permanent backdooring of HTML5 client-side application.
CAPTCHA Re-Riding Attack.
XSS: Gaining access to HttpOnly Cookie in 2012.
Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select).
Don't say you hadn't been warned.
About the Author
Paul Whytock Blog
European Editor
Paul Whytock is European Editor for Penton Media's Electronics Division. From his base in London, England, he covers press conferences and industry events throughout the EU for Penton publications and its Engineering TV and Radio services. Qualified to HNC Full Technological Certificate standard, Whytock trained as an automotive design engineer with Ford Motor Company prior to entering technical journalism.