“Keep both eyes on the underlying weakness in code – represented as a style of coding. The message here is to keep one eye on emerging vulnerabilities – always interesting and potentially important.” This its closely followed by XSS attacks, which are extremely prevalent in web applications.
“Injection-style attacks remains stubbornly top of the OWASP Top 10 (2013) vulnerabilities list. Whilst the spectrum of attack techniques is constantly evolving, the main avenues of exploited attack change less frequently, according to Paul Farrington, Senior Solution Architect at Veracode. Based on the volume of legacy code still in existence, we will no doubt see more downgrade attacks over the coming year,” said Johnathan Kuskos, Manager, Threat Research Centre at WhiteHat Security, told Help Net Security. In 2016, we have already seen the DROWN attack, which reportedly affects one in three websites. Examples like Heartbleed and POODLE dominated the headlines last year and once again, TLS attacks have taken three of the Top 10 places this year.
Over the ten years of Top 10 lists, TLS hacks have come up time and time again. “Based on this year’s Top Ten, it is safe to say that SSL/TLS remains one of the key targets for emerging hacking techniques. Exploiting XXE in File Parsing Functionality.FREAK (Factoring Attack on RSA-Export Keys).The list is chosen by the security research community, coordinated by WhiteHat Security.Īfter receiving 39 submissions detailing hacking techniques discovered in 2015, the following hacks were voted into the top 10 spaces: Now in its tenth year, the Top 10 List of Web Hacking Techniques takes a step back from the implications of an attack to understand how they happen.
0 kommentar(er)
