Back To Schedule
Thursday, September 18 • 3:00pm - 3:45pm
Top 10 Web Hacking Techniques of 2013

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, we are solely focused on new and creative methods of Web-based attack. Now in its eighth year, the Top 10 Web Hacking Techniques list encourages information sharing, provides a centralized knowledge base, and recognizes researchers who contribute excellent work.

In this talk, We will do a technical deep dive and take you through the Top 10 Web Hacks of 2013 as picked by an expert panel of judges.

This year’s winners are:
1 - Mario Heiderich – Mutation XSS
2 - Angelo Prado, Neal Harris, Yoel Gluck – BREACH
3 - Pixel Perfect Timing Attacks with HTML5
4 - Lucky 13 Attack
5 - Weaknesses in RC4
6 - Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval
7 - Million Browser Botnet
8 - Large Scale Detection of DOM based XSS
9 - Tor Hidden-Service Passive De-Cloaking
10 - HTML5 Hard Disk Filler™ API

avatar for Matt Johansen

Matt Johansen

Senior Manager, WhiteHat Security
Matt Johansen is a Sr. Manager for the Threat Research Center at WhiteHat Security where he manages a team of Application Security Specialists, Engineers and Supervisors to prevent website security attacks and protect companies’ and their customers’ data. Before this he was an Application Security Engineer where he oversaw and assessed more than 35,000 web... Read More →
avatar for Jonathan Kuskos

Jonathan Kuskos

Senior Application Security Engineer, WhiteHat Security
@JohnathanKuskos is a Manager for WhiteHat Security where he is charged with the expansion of their Belfast, Northern Ireland Threat Research Center. After personally hacking hundreds of web applications over several years he moved into a managerial role so that he could contribute... Read More →

Thursday September 18, 2014 3:00pm - 3:45pm MDT
Colorado Ballroom F [Breakers] Denver Marriott City Center