WhiteHat Security Announces The Tenth Annual Top 10 Web Hacking Techniques For 2015

Industry researchers reveal new and creative methods of web-based attacks

News provided by

WhiteHat Security

20 Apr, 2016, 08:00 ET

SANTA CLARA, Calif., April 20, 2016 /PRNewswire/ -- WhiteHat Security, the only application security provider that combines the best of technology and human intelligence, today announced the Top 10 List of Web Hacking Techniques for 2015. The number one threat identified over the last year is FREAK (Factoring Attack on RSA-Export Keys), a substantial security vulnerability that left users of modern browsers open to attack when visiting millions of websites.       

Now in its tenth year, the Top 10 Web Hacking Techniques takes a step back from the implications of an attack to understand how they happen. As the only list of its kind in the industry, the Top 10 provides a centralized knowledge base, captures year-to-year trends in the Web security industry and recognizes the security experts that work at the forefront of Web security research. The list is chosen by the security research community, coordinated by WhiteHat Security.

"Every year, the security community produces a stunning number of new techniques that are published in various white papers, blog posts, articles and conference presentations," said WhiteHat Security Manager, Threat Research Center, Johnathan Kuskos, who leads this community effort. "Within these thousands of pages are the newest, most creative ways to attack websites, browsers and their mobile equivalents. We created the Top 10 Web Hacks as a way to encourage information sharing within the InfoSec community, help IT professionals stay up-to-date with the recommended fixes and recognize the researchers who contribute excellent work in uncovering vulnerabilities."

After receiving 39 submissions detailing hacking techniques discovered in 2015, the following hacks were voted into the top 10 spaces:

  1. FREAK (Factoring Attack on RSA-Export Keys)
  2. LogJam
  3. Web Timing Attacks Made Practical
  4. Evading All* WAF XSS Filters
  5. Abusing CDN's with SSRF Flash and DNS
  6. IllusoryTLS
  7. Exploiting XXE in File Parsing Functionality
  8. Abusing XLST for Practical Attacks
  9. Magic Hashes
  10. Hunting Asynchronous Vulnerabilities

In a continuation of the trend from previous years, a branded vulnerability has taken both the first and second spot. In 2014, Heartbleed, ShellShock and Poodle took the first three places. This year, the judges placed FREAK, the SSL/TLS vulnerability in the first position, citing its novelty, pervasiveness and potential for widespread abuse as the key reasons for its high ranking.

"One of the key trends from the list this year is that legacy code continues to haunt the industry and we will remain living in the age of downgrade attacks, such as FREAK, for quite some time," added Kuskos. "Of all the hacks in 2015, it's the web hacks that are really making the headlines. Hackers just aren't interested in hacking an individual's 'My Documents' folder these days; they know they can do far more damage by gaining access to Facebook, Gmail, Dropbox, and other web or cloud-based applications."

For more information:

  • Read the Top 10 Web Hacks of 2015 blog.
  • Register to attend the Top 10 Web Hacks of 2015 webinar, featuring Johnathan Kuskos, on May 3 at 11:00am PT.

About WhiteHat Security
WhiteHat Security has been in the business of securing web applications for 15 years.  Combining advanced technology with the expertise of its global Threat Research Center (TRC) team, WhiteHat delivers application security solutions that reduce risk, reduce cost and accelerate the deployment of secure applications and web sites.  The company's flagship product, WhiteHat Sentinel, is a software-as-a-service platform providing dynamic application security testing (DAST), static application security testing (SAST), and mobile application security assessments.  The company is headquartered in Santa Clara, Calif., with regional offices across the U.S. and Europe.  For more information on WhiteHat Security, please visit www.whitehatsec.com, and follow us on Twitter, LinkedIn and Facebook.

Logo - http://photos.prnewswire.com/prnh/20160222/336045LOGO

SOURCE WhiteHat Security

Related Links

http://www.whitehatsec.com

PRN Top Stories Newsletters

Sign up to get PRN’s top stories and curated news delivered to your inbox weekly!

Thank you for subscribing!

By signing up you agree to receive content from us.
Our newsletters contain tracking pixels to help us deliver unique content based on each subscriber's engagement and interests. For more information on how we will use your data to ensure we send you relevant content please visit our PRN Consumer Newsletter Privacy Notice. You can withdraw your consent at any time in the footer of every email you'll receive. Mit Ihrer Anmeldung erklären Sie sich damit einverstanden, Inhalte von uns zu erhalten.
Unsere Newsletter enthalten Zählpixel, die die Lieferung einzigartiger Inhalte in Bezug auf das Abonnement und die Interessen der einzelnen Abonnenten ermöglichen. Weitere Informationen über die Verwendung Ihrer Daten im Hinblick auf die Zusendung von relevanten Inhalten, finden Sie in unserer PRN Consumer Newsletter Privacy Notice. Ihre Zustimmung können Sie jederzeit in der Fußzeile jeder erhaltenen E-Mail widerrufen. En vous inscrivant à la newsletter, vous consentez à la réception de contenus de notre part.
Notre newsletter contient des pixels espions nous permettant la fourniture à chaque abonné, d’un contenu unique en lien avec ses souscriptions et intérêts. Pour de plus amples informations sur l’utilisation faite de vos données en vue de l’envoi des contenus concernés, nous vous invitons à consulter la politique de confidentialité disponible à partir du lien suivant PRN Consumer Newsletter Privacy Notice. Vous pouvez à tout moment revenir sur votre consentement par le biais des informations situées au bas de chaque e-mail reçu. Регистрирайки се, Вие се съгласявате да получавате информационно съдържание от нас. Нашите бюлетини съдържат проследяващи пиксели, които ни помагат да предоставяме уникално съдържание въз основа на ангажираността и интересите на всеки абонат. За повече информация относно начина, по който ще използваме Вашите данни, за да гарантираме, че Ви изпращаме подходящо съдържание, моля, направете справка с нашето Уведомление за поверителност на потребителския бюлетин на PRN. Можете да оттеглите съгласието си по всяко време в долния колонтитул на всеки от имейлите, които ще получите.