Top 10 Web Hacking Attacks

Here is a list of the top 10 web hacking attacks according to : Jeremiah Grossman, CTO and founder of WhiteHat Security. This was presented at the Web 2.0 Expo.

In summary, these are the top 10:

10. Flash Parameter Injection

9. ActiveX Repurposing

8. Tunneling TCP over HTTP over SQL-injection - Tunnel has always been the way to go. Basically if you can tunnel anything over something, you can get pass the firewall.

7. Cross-domain leaks of site logins via authenticated CSS

6. Abusing HTML 5 structured client-side storage

5. A different Opera - Yes, its about the browser!

4. Clickjacking / videojacking - This has been presented many many times. Clickjacking is dangerous. But so far, fortunately, nobody does it really good.

3. Safari carpet bomb - Again, browser!

2. Breaking google gears’ cross-origin communication model - Google gears, to use or not is not the question anymore

1. GIFAR - This is an attack on GIF and JAVA.

Read the full article at :
http://blogs.zdnet.com/feeds/?p=908