For Search Engines


Web Security Links: (Source:

ACE Team – Microsoft
Adam Boulton’s Blog
Adam Shostack – Emergent Chaos
Alex ??? – kuza55
Analytical Engine
Andrew Jacquith – securitymetrics
Andrew van der Stock – cat slave diary
Andy Steingruebl – Security Retentive
Anil John
Anton Chuvakin Blog – "Security Warrior"
Anurag Agarwal – Application Security Evangelist
Application Security Center Community
Arshan Dabirsiaghi – Aspect Security
Billy (BK) Rios
Billy Hoffman – SPI – Curiouser and Curiouser
Bruce Schneier – Cryptogram
CERIAS Combined Feed
Chris Shiflett: PHP and Web Application Security
Chris Weber – Software and Web Application Security
Christian Matthies
Christopher Hoff – Rational Security
Cigital – Justice League
Coding Insecurity
CSO Blogs – Information Security
Dafydd Stuttard – PortSwigger – Burp
Dana Epp – SilverStr – Microsoft
Dana Epp’s ramblings at the Sanctuary
Dark Reading: Application Security
Dark Reading: Snake Bytes
David LeBlanc’s Web Log
David Litchfield’s blog
David Ross – Microsoft – Random Dross
Denim Group, Ltd.
Dennis Hurst’s Blog
Dr.Dobb’s Security Articles
Ed Felton – Freedom to Tinker
Eduardo Vela – sirdarckcat
Enterprise Architecture: From Incite comes Insight…
Errata Security
extern blog SensePost;
Gareth Heyes – The Spanner IT Security News
GDS Security Blog
Google Online Security Blog
Gunnar Peterson – 1 Raindrop
Gunter Ollmann, Mark Dowd – ISS Frequency X Blog
hackers @ microsoft
Help Net Security – News
InformIT :: SecurityArticles > Security
(IN)SECURE Magazine Notifications RSS
ISM – Curphey – Latest News
Ivan Ristic
Ivan Ristic – ModSecurity
J.D. Meier’s Blog
Jeremiah Grossman – WhiteHat
Joe Basirico – Security Renegades’s blog
JW on Test
Kim Cameron’s Identity Weblog
Klocwork – g2zero
Larry Osterman’s WebLog
Marco Morana
Mark Curphey
Mary Ann Davidson Blog
Matasano Chargen
Matt Blaze’s Exhaustive Search
Michael Coates
Michael Howard
Michael Smith – rybolov – The Guerilla CISO
Michael Sutton – SPI Dynamics
Michael's Blog
Mike Andrews
Mike Rothman – Security Incite Rants
MSI :: State of Security
Musings on Information Security
Nate McFeters – Zero Day
Network Computing Magazine | Security Channel: Features, Reviews, Commentary and more
Nitesh Dhanjani
Orizon Post
Petko Petkov (pdparchitect) – GnuCitizen
Richard Bejtlich – TaoSecurity
Richard Lewis – Application Security
Robert Auger
Robert Hansen – rsnake
RockyH – From Source to Secure
RockyH – Security First!
Rohyt Belani – PhishMe
Ronald van den Heetkamp – 0x000000 Security
Ruby on Rails Security Project
Rudolph Arojo – Foundstone
Ryan Barnett – ModSecurity – Web Security Blog
sc-l mailing list
Security Is Simple: Only Use Perfect Software
Security Wire Daily News
SecurityFocus News
SecurityGuidanceShare – Recent changes [en]
SecViz – Security Visualization
Shreeraj’s security blog
Smart Security by Dharmesh M Mehta
Stefan Esser – PHP Security Blog
Stefan Esser – Suspekt…
Stefano di Paolo – Minded Security – Security Thoughts
Sunnet Beskerming Security Advisories
Sven Vetsch – Disenchant’s Blog
Sylvan von Stuppe Security
The Art of Software Security Assessment
The Connected Information Security Group
The Register – Security
The Register – Security: Enterprise Security
The Security Development Lifecycle – Microsoft
The Web Security Mailing List (WASC)
tssci security
Veracode – Zero in a bit


Web Hacking Techniques 2012


Web Hacking Techniques 2011

  1. Bypassing Flash’s local-with-filesystem Sandbox
  2. Abusing HTTP Status Codes to Expose Private Information
  3. SpyTunes: Find out what iTunes music someone else has
  4. CSRF: Flash + 307 redirect = Game Over
  5. Close encounters of the third kind (client-side JavaScript vulnerabilities)
  6. Tracking users that block cookies with a HTTP redirect
  7. The Failure of Noise-Based Non-Continuous Audio Captchas
  8. Kindle Touch (5.0) Jailbreak/Root and SSH
  9. NULLs in entities in Firefox
  10. Timing Attacks on CSS Shaders
  11. CSRF with JSON – leveraging XHR and CORS
  12. Double eval() for DOM based XSS
  13. Hidden XSS Attacking the Desktop & Mobile Platforms
  14. Rapid history extraction through non-destructive cache timing (v8)
  15. Lotus Notes Formula Injection
  16. Stripping Referrer for fun and profit
  17. How to upload arbitrary file contents cross-domain (2)
  18. Exploiting the unexploitable XSS with clickjacking
  19. How to get SQL query contents from SQL injection flaw
  20. XSS-Track as a HTML5 WebSockets traffic sniffer
  21. Cross domain content extraction with fake captcha
  22. Autocomplete..again?!
  23. JSON-based XSS exploitation
  24. DNS poisoning via Port Exhaustion
  25. Java Applet Same-Origin Policy Bypass via HTTP Redirect
  26. HOW TO: Spy on the Webcams of Your Website Visitors
  27. Launch any file path from web page
  28. Crowd-sourcing mischief on Google Maps leads customers astray
  29. BEAST
  30. Bypassing Chrome’s Anti-XSS filter
  31. XSS in Skype for iOS
  32. Cookiejacking
  33. Stealth Cookie Stealing (new XSS technique)
  34. SurveyMonkey: IP Spoofing
  35. Using Cross-domain images in WebGL and Chrome 13
  36. Filejacking: How to make a file server from your browser (with HTML5 of course)
  37. Exploitation of “Self-Only” Cross-Site Scripting in Google Code
  38. Expression Language Injection
  39. (DOMinator) Finding DOMXSS with dynamic taint propagation
  40. Facebook: Memorializing a User
  41. How To Own Every User On A Social Networking Site
  42. Text-based CAPTCHA Strengths and Weaknesses
  43. Session Puzzling (aka Session Variable Overloading) (Video 1, 2, 3, 4)
  44. Temporal Session Race Conditions (Video 2)
  45. Google Chrome/ChromeOS sandbox side step via owning extensions
  46. Excel formula injection in Google Docs
  47. Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)
  48. CAPTCHA Hax With TesserCap
  49. Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java
  50. Abusing Flash-Proxies for client-side cross-domain HTTP requests [slides]

Web Hacking Techniques 2010

  1. Evercookie
  2. Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer)
  3. Cookie Eviction
  4. Converting unimplementable Cookie-based XSS to a persistent attack
  5. phpwn: Attack on PHP sessions and random numbers
  6. NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward)
  7. Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user
  8. XSHM Mark 2
  9. MitM DNS Rebinding SSL/TLS Wildcards and XSS
  10. Using Cookies For Selective DoS and State Detection
  11. Quick Proxy Detection
  12. Flash Camera and Mic Remember Function and XSS
  13. Improving HTTPS Side Channel Attacks
  14. Side Channel Attacks in SSL
  15. Turning XSS into Clickjacking
  16. Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
  17. CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
  18. Popup & Focus URL Hijacking
  19. Hacking Facebook with HTML5
  20. Stealing entire Auto-Complete data in Google Chrome
  21. Chrome and Safari users open to stealth HTML5 AppCache attack
  22. DNS Rebinding on Java Applets
  23. Strokejacking
  24. The curse of inverse strokejacking
  25. Re-visiting JAVA De-serialization: It can't get any simpler than this !!
  26. Fooling B64_Encode(Payload) on WAFs and filters
  27. MySQL Stacked Queries with SQL Injection...sort of
  28. A Twitter DomXss, a wrong fix and something more
  29. Get Internal Network Information with Java Applets
  30. Java DNS Rebinding + Java Same IP Policy = The Internet Mayhem
  31. Java Applet Same IP Host Access
  32. ASP.NET 'Padding Oracle' Crypto Attack
  33. Posting raw XML cross-domain
  34. Generic cross-browser cross-domain theft
  35. One vector to rule them all
  37. Penetrating Intranets through Adobe Flex Applications
  38. No Alnum JavaScript (cheat sheet, jjencode demo)
  39. Attacking HTTPS with Cache Injection
  40. Tapjacking: owning smartphone browsers
  41. Breaking into a WPA network with a webpage
  42. XSS-Track: How to quietly track a whole website through single XSS
  43. Next Generation Clickjacking
  44. XSSing client-side dynamic HTML includes by hiding HTML inside images and more
  45. Stroke triggered XSS and StrokeJacking
  46. Internal Port Scanning via Crystal Reports
  47. Lost in Translation (ASP’s HomoXSSuality)
  48. Cross Site URL Hijacking by using Error Object in Mozilla Firefox
  49. JavaSnoop
  50. IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"
  51. Universal XSS in IE8
  52. padding oracle web attack (poet, Padbuster, demo)
  53. IIS6/ASP & file upload for fun and profit
  54. Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation
  55. NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick
  56. Persistent Cross Interface Attacks
  57. Port Scanning with HTML5 and JS-Recon
  58. Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers
  59. Cracking hashes in the JavaScript cloud with Ravan
  60. Will it Blend?
  61. Stored XSS Vulnerability @ Amazon
  62. Poisoning proxy caches using Java/Flash/Web Sockets
  63. How to Conceal XSS Injection in HTML5
  64. Expanding the Attack Surface
  65. Chronofeit Phishing
  66. Non-Obvious (Crypto) Bugs by Example
  67. SQLi filter evasion cheat sheet (MySQL)
  68. Tabnabbing: A New Type of Phishing Attack
  69. UI Redressing: Attacks and Countermeasures Revisited


Web Hacking Techniques 2009

  1. Persistent Cookies and DNS Rebinding Redux
  2. iPhone SSL Warning and Safari Phishing
  3. RFC 1918 Blues
  4. Slowloris HTTP DoS
  5. CSRF And Ignoring Basic/Digest Auth
  6. Hash Information Disclosure Via Collisions - The Hard Way
  7. Socket Capable Browser Plugins Result In Transparent Proxy Abuse
  8. XMLHTTPRequest “Ping” Sweeping in Firefox 3.5+
  9. Session Fixation Via DNS Rebinding
  10. Quicky Firefox DoS
  11. DNS Rebinding for Credential Brute Force
  12. SMBEnum
  13. DNS Rebinding for Scraping and Spamming
  14. SMB Decloaking
  15. De-cloaking in IE7.0 Via Windows Variables
  16. itms Decloaking
  17. Flash Origin Policy Issues
  18. Cross-subdomain Cookie Attacks
  19. HTTP Parameter Pollution (HPP)
  20. How to use Google Analytics to DoS a client from some website.
  21. Our Favorite XSS Filters and how to Attack them
  22. Location based XSS attacks
  23. PHPIDS bypass
  24. I know what your friends did last summer
  25. Detecting IE in 12 bytes
  26. Detecting browsers javascript hacks
  27. Inline UTF-7 E4X javascript hijacking
  28. HTML5 XSS
  29. Opera XSS vectors
  30. New PHPIDS vector
  31. Bypassing CSP for fun, no profit
  32. Twitter misidentifying context
  33. Ping pong obfuscation
  34. HTML5 new XSS vectors
  35. About CSS Attacks
  36. Web pages Detecting Virtualized Browsers and other tricks
  37. Results, Unicode Left/Right Pointing Double Angle Quotation Mark
  38. Detecting Private Browsing Mode
  39. Cross-domain search timing
  40. Bonus Safari XXE (only affecting Safari 4 Beta)
  41. Apple's Safari 4 also fixes cross-domain XML theft
  42. Apple's Safari 4 fixes local file theft attack
  43. A more plausible E4X attack
  44. A brief description of how to become a CA
  45. Creating a rogue CA certificate
  46. Browser scheme/slash quirks
  47. Cross-protocol XSS with non-standard service ports
  48. Forget sidejacking, clickjacking, and carjacking: enter “Formjacking”
  49. MD5 extension attack
  50. Attack - PDF Silent HTTP Form Repurposing Attacks
  51. XSS Relocation Attacks through Word Hyperlinking
  52. Hacking CSRF Tokens using CSS History Hack
  53. Hijacking Opera’s Native Page using malicious RSS payloads
  54. Millions of PDF invisibly embedded with your internal disk paths
  55. Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
  56. Pwning Opera Unite with Inferno’s Eleven
  57. Using Blended Browser Threats involving Chrome to steal files on your computer
  58. Bypassing OWASP ESAPI XSS Protection inside Javascript
  59. Hijacking Safari 4 Top Sites with Phish Bombs
  60. Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency
  61. Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF
  62. IE8 Link Spoofing - Broken Status Bar Integrity
  63. Blind SQL Injection: Inference through Underflow exception
  64. Exploiting Unexploitable XSS
  65. Clickjacking & OAuth
  66. Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk
  67. Active Man in the Middle Attacks
  68. Cross-Site Identification (XSid)
  69. Microsoft IIS with Metasploit evil.asp;.jpg
  70. MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency
  71. Generic cross-browser cross-domain theft
  72. Popup & Focus URL Hijacking
  73. Advanced SQL injection to operating system full control (whitepaper)
  74. Expanding the control over the operating system from the database
  75. HTML+TIME XSS attacks
  76. Enumerating logins via Abuse of Functionality vulnerabilities
  77. Hellfire for redirectors
  78. DoS attacks via Abuse of Functionality vulnerabilities
  79. URL Spoofing vulnerability in bots of search engines (#2)
  80. URL Hiding - new method of URL Spoofing attacks
  81. Exploiting Facebook Application XSS Holes to Make API Requests
  82. Unauthorized TinyURL URL Enumeration Vulnerability


Web Hacking Techniques 2008

  1. CUPS Detection
  2. CSRFing the uTorrent plugin
  3. Clickjacking / Videojacking
  4. Bypassing URL Authentication and Authorization with HTTP Verb Tampering
  5. I used to know what you watched, on YouTube (CSRF + Crossdomain.xml)
  6. Safari Carpet Bomb
  7. Flash clipboard Hijack
  8. Flash Internet Explorer security model bug
  9. Frame Injection Fun
  10. Free MacWorld Platinum Pass? Yes in 2008!
  11. Diminutive Worm, 161 byte Web Worm
  12. SNMP XSS Attack (1)
  13. Res Timing File Enumeration Without JavaScript in IE7.0
  14. Stealing Basic Auth with Persistent XSS
  15. Smuggling SMTP through open HTTP proxies
  16. Collecting Lots of Free 'Micro-Deposits'
  17. Using your browser URL history to estimate gender
  18. Cross-site File Upload Attacks
  19. Same Origin Bypassing Using Image Dimensions
  20. HTTP Proxies Bypass Firewalls
  21. Join a Religion Via CSRF
  22. Cross-domain leaks of site logins via Authenticated CSS
  23. JavaScript Global Namespace Pollution
  24. GIFAR
  25. HTML/CSS Injections - Primitive Malicious Code
  26. Hacking Intranets Through Web Interfaces
  27. Cookie Path Traversal
  28. Racing to downgrade users to cookie-less authentication
  29. MySQL and SQL Column Truncation Vulnerabilities
  30. Building Subversive File Sharing With Client Side Applications
  31. Firefox XML injection into parse of remote XML
  32. Firefox cross-domain information theft (simple text strings, some CSV)
  33. Firefox 2 and WebKit nightly cross-domain image theft
  34. Browser's Ghost Busters
  35. Exploiting XSS vulnerabilities on cookies
  36. Breaking Google Gears' Cross-Origin Communication Model
  37. Flash Parameter Injection
  38. Cross Environment Hopping
  39. Exploiting Logged Out XSS Vulnerabilities
  40. Exploiting CSRF Protected XSS
  41. ActiveX Repurposing, (1, 2)
  42. Tunneling tcp over http over sql-injection
  43. Arbitrary TCP over uploaded pages
  44. Local DoS on CUPS to a remote exploit via specially-crafted webpage (1)
  45. JavaScript Code Flow Manipulation
  46. Common localhost dns misconfiguration can lead to "same site" scripting
  47. Pulling system32 out over blind SQL Injection
  48. Dialog Spoofing - Firefox Basic Authentication
  49. Skype cross-zone scripting vulnerability
  50. Safari pwns Internet Explorer
  51. IE "Print Table of Links" Cross-Zone Scripting Vulnerability
  52. A different Opera
  53. Abusing HTML 5 Structured Client-side Storage
  54. SSID Script Injection
  55. DHCP Script Injection
  56. File Download Injection
  57. Navigation Hijacking (Frame/Tab Injection Attacks)
  58. UPnP Hacking via Flash
  59. Total surveillance made easy with VoIP phone
  60. Social Networks Evil Twin Attacks
  61. Recursive File Include DoS
  62. Multi-pass filters bypass
  63. Session Extending
  64. Code Execution via XSS (1)
  65. Redirector’s hell
  66. Persistent SQL Injection
  67. JSON Hijacking with UTF-7
  68. SQL Smuggling
  69. Abusing PHP Sockets (1, 2)
  70. CSRF on Novell GroupWise WebAccess


Web Hacking Techniques 2007
Cross-Site Printing (Printer Spamming)
Stealing Pictures with Picasa
HScan Redux
ISO-8859-1 Vulnerable in Firefox to Null Injection
MITM attack to overwrite addons in Firefox
Microsoft ASP.NET Request Validation Bypass Vulnerability (POC)
Non-Alpha-Non-Digit 3
Steal History without JavaScript
Pure Java™, Pure Evil™ Popups
Google Adsense CSRF hole
There’s an OAK TREE in my blog!?!?!
BK for Mayor of Oak Tree View
Google Docs puts Google Users at Risk
All Your Google Docs are Belong To US…
Java Applets and DNS Rebinding
Scanning internal LAN with PHP remote file opening
Firefox File Handling Woes
Firefoxurl URI Handler Flaw
Bugs in the Browser: Firefox’s DATA URL Scheme Vulnerability
Multiviews Apache, Accept Requests and free listing
Optimizing the number of requests in blind SQL injection
Bursting Performances in Blind SQL Injection - Take 2 (Bandwidth)
Port Scan without JavaScript
Favorites Gone Wild
Cross-Browser Proxy Unmasking
Spoofing Firefox protected objects
Injecting the script tag into XML
Login Detection without JavaScript
Anti-DNS Pinning ( DNS Rebinding ) : Online Demonstration
Username Enumeration Timing Attacks (Sensepost)
Google GMail E-mail Hijack Technique
Recursive Request DoS
Exaggerating Timing Attack Results Via GET Flooding
Initiating Probes Against Servers Via Other Servers
Effects of DNS Rebinding On IE’s Trust Zones
Paper on Hacking Intranets Using Websites (Not Web Browsers)
More Port Scanning - This Time in Flash
HTTP Response Splitting and Data: URI scheme in Firefox
Res:// Protocol Local File Enumeration
Res Timing Attack
IE6.0 Protocol Guessing
IE 7 and Firefox Browsers Digest Authentication Request Splitting
Hacking Intranets Via Brute Force
Hiding JS in Valid Images
Internet Archiver Port Scanner
Noisy Decloaking Methods
Code Execution Through Filenames in Uploads
Cross Domain Basic Auth Phishing Tactics
Additional Image Bypass on Windows
Detecting users via Authenticated Redirects
Passing Malicious PHP Through getimagesize()
Turn Any Page Into A Greasemonkey Popup
Enumerate Windows Users In JS
Anti-DNS Pinning ( DNS Rebinding ) + Socket in FLASH
Iframe HTTP Ping
Read Firefox Settings (PoC)
Stealing Mouse Clicks for Banner Fraud
(Non-Persistent) Untraceable XSS Attacks
Inter Protocol Exploitation
Detecting Default Browser in IE
Bypass port blocking in Firefox, Opera and Konqueror.
LocalRodeo Detection
Image Names Gone Bad
IE Sends Local Addresses in Referer Header
PDF XSS Can Compromise Your Machine
Universal XSS in Adobe’s Acrobat Reader Plugin
Firefox Popup Blocker Allows Reading Arbitrary Local Files
IE7.0 Detector
overwriting cookies on other people’s domains in Firefox.
Embedding SVG That Contains XSS Using Base64 Encoding in Firefox
Firefox Header Redirection JavaScript Execution
More URI Stuff… (IE’s Resource URI)
Hacking without 0days: Drive-by Java
Google Urchin password theft madness
Username Enumeration Vulnerabilities
Client-side SQL Injection Attacks
Content-Disposition Hacking
Flash Cookie Object Tracking
Java JAR Attacks and Features
Severe XSS in Google and Others due to the JAR protocol issues
Web Mayhem: Firefox’s JAR: Protocol issues (bugzilla)
0DAY: QuickTime pwns Firefox
Exploiting Second Life

Web Hacking Techniques 2006
The Attack of the TINY URLs
Backdooring MP3 Files
Backdooring QuickTime Movies
CSS history hacking with evil marketing
I know where you've been
Stealing Search Engine Queries with JavaScript
Hacking RSS Feeds
MX Injection : Capturing and Exploiting Hidden Mail Servers
Blind web server fingerprinting
JavaScript Port Scanning
CSRF with MS Word
Backdooring PDF Files
Exponential XSS Attacks
Malformed URL in Image Tag Fingerprints Internet Explorer
JavaScript Portscanning and bypassing HTTP Auth
Bruteforcing HTTP Auth in Firefox with JavaScript
Bypassing Mozilla Port Blocking
How to defeat
A story that diggs itself
Expect Header Injection Via Flash
Forging HTTP request headers with Flash
Cross Domain Leakage With Image Size
Enumerating Through User Accounts
Widespread XSS for Google Search Appliance
Detecting States of Authentication With Protected Images
XSS Fragmentation Attacks
Poking new holes with Flash Crossdomain Policy Files
Google Indexes XSS
XML Intranet Port Scanning
IMAP Vulnerable to XSS
Detecting Privoxy Users and Circumventing It
Using CSS to De-Anonymize
Response Splitting Filter Evasion
CSS History Stealing Acts As Cookie
Detecting Firefox Extensions
Stealing User Information Via Automatic Form Filling
Circumventing DNS Pinning for XSS XSRF vuln
Browser Port Scanning without JavaScript
Bypassing Filters With Encoding
Variable Width Encoding
Network Scanning with HTTP without JavaScript
AT&T Hack Highlights Web Site Vulnerabilities
How to get linked from Slashdot
F5 and Acunetix XSS disclosure
Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning
Google plugs phishing hole
Nikon magazine hit with security breach
Governator Hack
Metaverse breached: Second Life customer database hacked
HostGator: cPanel Security Hole Exploited in Mass Hack
I know what you've got (Firefox Extensions)
ABC News (AU) XSS linking the reporter to Al Qaeda
Account Hijackings Force LiveJournal Changes
Xanga Hit By Script Worm
Advanced Web Attack Techniques using GMail
PayPal Security Flaw allows Identity Theft
Internet Explorer 7 "mhtml:" Redirection Information Disclosure
Bypassing of web filters by using ASCII
Selecting Encoding Methods For XSS Filter Evasion
Adultspace XSS Worm
Anonymizing RFI Attacks Through Google
Google Hacks On Your Behalf
Google Dorks Strike Again