For the second consecutive year, security experts at Positive Research were named in the Top 10 Web Hacking Techniques list, organized by WhiteHat Security. Now in its ninth year, the Top 10 Web Hacking Techniques list encourages information sharing, provides a centralized knowledge base, and recognizes security researchers who contribute excellent work. This year’s top ten included the research study XML Out of Band Data Retrieval by Positive Research experts Alexey Osipov and Timur Yunusov.
The two first presented their hacking technique, entitled XXE OOB, at Black Hat Europe 2013. Later that year, this technique was used by Positive Technologies to help detect and fix new types of vulnerabilities in Microsoft Office, Oracle software and Siemens SCADA components. Similar security flaws were detected even in ModSecurity, a popular open-source firewall designed to protect web applications.
Jeremiah Grossman, an information security specialist also known as “MafiaBoy” and the Technical Director at WhiteHat Security, in cooperation with an expert panel of judges, prepares the list of the most interesting methods used during the past year to detect and exploit web vulnerabilities. The winning attack techniques include only the most exceptional and modern approaches to web application attacks.
This year’s panel of judges included the likes of Ryan Barnett, Robert Auger, Robert Hansen (CEO, Falling Rock Networks), Dinis Cruz, Jeff Williams (CEO, Aspect Security), Peleus Uhley, Romain Gaucher (Lead Researcher, Coverity), Giorgio Maone, Chris Wysopal, Troy Hunt, Ivan Ristic (Director of Engineering, Qualys) and Steve Christey (MITRE).