Sunday, January 24, 2010

Top Ten Web Hacking Techniques of 2009

The best hacking techniques for web applications and services that appeared in 2009, according to Jeremiah Grossman:


Top Ten Web Hacking Techniques of 2009!

1. Creating a rogue CA certificate, by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

2. HTTP Parameter Pollution (HPP), by Luca Carettoni, Stefano di Paola

3. Flickr's API Signature Forgery Vulnerability (MD5 extension attack), by Thai Duong and Juliano Rizzo

4. Cross-domain search timing, by Chris Evans

5. Slowloris HTTP DoS, by Robert Hansen (additional credit for earlier discovery to Adrian Ilarion Ciobanu & Ivan Ristic, in the "Programming Model Attacks" section of Apache Security, for describing the attack, but did not produce a tool)

6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi-colon bug), by Soroush Dalili

7. Exploiting unexploitable XSS, by Stephen Sclafani

8. Our Favorite XSS Filters and how to Attack them, by Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)

9. RFC1918 Caching Security Issues, by Robert Hansen

10. DNS Rebinding (3-part series: Persistent Cookies, Scraping & Spamming, and Session Fixation), by Robert Hansen



Seen on Jeremiah Grossman's blog
