Top 10 web hacking techniques of 2023 – nominations open

Security researchers have been actively sharing their findings with the community for the past year, presenting innovative ideas that hold the potential for further exploration and implementation in the future. However, with the vast amount of information being shared, many valuable techniques tend to get overlooked and forgotten quickly. To combat this issue, a community initiative has been going strong since 2006, where researchers come together yearly to compile two significant resources: a comprehensive list of notable web security research from the past year and a refined list of the top ten most impactful pieces of work.

This year, the community initiative is underway to collect and nominate the top web hacking techniques of 2023. The timeline for this year’s selection process includes collecting community nominations from January 9-21, followed by a community vote to create a shortlist of the top 15 from January 23-30. An expert panel will then vote on the final 15 nominees from February 1-13, with the results set to be announced on February 15.

The aim of the nominations is to showcase research that introduces novel and practical techniques that can be applied across different systems. While individual vulnerabilities like Log4Shell may be impactful in the moment, they tend to age poorly. On the other hand, underlying techniques such as JNDI Injection can be reused and have a longer-lasting impact. Nominations can also include refinements to existing attack classes, enhancing known techniques for greater effectiveness.

To make a nomination, researchers are encouraged to provide a URL to the research and a brief comment explaining the novelty and significance of the work. Researchers can nominate their own work if they believe it meets the criteria for being noteworthy. The nomination process aims to filter out non-web-focused submissions, tools, or entries that are not clearly innovative to ensure that the community vote remains manageable.

To keep up with the latest updates on the nomination process, researchers are encouraged to follow PortSwigger Research on Twitter or Albinowax on Infosec Exchange for notifications when the voting stage begins. The initiative has already seen a number of nominations, each accompanied by AI-assisted summaries for easier comprehension and evaluation.

The list of nominations covers a diverse range of topics, from vulnerabilities in mutual TLS to exploiting CORS misconfigurations for data exfiltration. It also includes techniques such as manipulating DNS responses for split-second attacks and exploiting OAuth vulnerabilities for account takeovers. Researchers are encouraged to explore these nominations and consider them for the top ten web hacking techniques of 2023.

In conclusion, the annual community initiative for selecting the top web hacking techniques serves as a platform to recognize and celebrate innovative research within the cybersecurity community. By highlighting novel and practical techniques, researchers contribute to the ongoing evolution and advancement of web security practices, ensuring that valuable discoveries do not go unnoticed.
