Top 10 Web Hack Techniques

Every year the security community produces a stunning amount of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. No anyone who can forecast what new Hack Technique will be discovered at the next month. Yes, our Internet, Web site and Web based business are under the threats of the Unknown Attacks. The current solutions of the "Circum Security Products + Web" have not been enough!

1、CRIME (1, 2, 3 4) by Juliano Rizzo and Thai Duong
2、Pwning via SSRF (memcached, php-fastcgi, etc) (2, 3, 4,5)
3、Chrome addon hacking (2, 3, 4, 5)
4、Bruteforce of PHPSESSID
5、Blended Threats and JavaScript
6、Cross-Site Port Attacks
7、Permanent backdooring of HTML5 client-side application
8、CAPTCHA Re-Riding Attack
9、XSS: Gaining access to HttpOnly Cookie in 2012
10、Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select)