
Top 10 Web Hacking Techniques of 2013

Johnathan Kuskos, Matt Johansen at AppSec USA 2014

Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, we are solely focused on new and creative methods of Web-based attack. Now in its eighth year, the Top 10 Web Hacking Techniques list encourages information sharing, provides a centralized knowledge base, and recognizes researchers who contribute excellent work.

In this talk, we will do a technical deep dive and take you through the Top 10 Web Hacks of 2013 as picked by an expert panel of judges.

This year’s winners are:
1 - Mario Heiderich – Mutation XSS
2 - Angelo Prado, Neal Harris, Yoel Gluck – BREACH
3 - Pixel Perfect Timing Attacks with HTML5
4 - Lucky 13 Attack
5 - Weaknesses in RC4
6 - Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval
7 - Million Browser Botnet
8 - Large Scale Detection of DOM based XSS
9 - Tor Hidden-Service Passive De-Cloaking
10 - HTML5 Hard Disk Filler™ API


Speakers
Matt Johansen
Senior Manager, WhiteHat Security
Matt Johansen is a Sr. Manager for the Threat Research Center at WhiteHat Security where he manages a team of Application Security Specialists, Engineers and Supervisors to prevent website security attacks and protect companies’ and their customers’ data. Before this he was an Application Security Engineer where he oversaw and assessed more than 35,000 web applications that WhiteHat has under contract for many Fortune 500 companies across a range of technologies.

Johnathan Kuskos
Senior Application Security Engineer, WhiteHat Security
Johnathan Kuskos is a Senior Application Security Engineer for WhiteHat Security's Threat Research Center in Houston, Texas. After personally assessing several hundred web applications, he moved into a managerial role so that he could contribute to mentoring younger security engineers. Later this year he'll be moving to Belfast, Ireland to head up the new EU division of WhiteHat Security's Threat Research Center.