Jeremiah Grossman: Final Fifteen - Web Hacking Techniques

Open community voting completed last week. From the ~67 Web hacking techniques, we’ve gotten down to the final fifteen (see below). Congratulations to all the researchers whose work made it. Also, thank you very much to all those who took the time to complete the survey. There were a total of 74 respondents, 63% of which were“Breakers” and the other 37% “Builders.” Good representation.

Now it’s time for the final phase where our panel of security experts vote on the list (same position point system) to determine the Top Ten Web Hacking Techniques of 2010. All those on the panel have substantial industry technical experience, domain knowledge in application security, and do not have entries on the list.

This year we’re very pleased to have:
Ed Skoudis (InGuardians Founder & Senior Security Consultant)
Giorgio Maone (Author of NoScript)
Caleb Sima (CEO, Armorize)
Chris Wysopal (Veracode Co-Founder & CTO)
Jeff Willams (OWASP Chairman & CEO, Aspect Security)
Charlie Miller (Consultant, Independent Security Evaluators)
Dan Kaminsky (Director of Pen-Testing, IOActive)
Steven Christey (Mitre)
Arian Evans (VP of Operations, WhiteHat Security)

Final Fifteen

BIO

Jeremiah Grossman brings 20+ years of experience in Computer Security and has become one of the most recognizable and world-renowned cybersecurity experts in the industry, coining several of the original hacking terms commonly used around the world today. Early in his career, Jeremiah was known as “The Hacker Yahoo” which led to his role as the company’s Information Security Officer. Jeremiah founded WhiteHat Security (now Synopsis), and served as Chief of Security Strategy for SentinelOne which was the highest-valued cybersecurity IPO in history. Most recently, Jeremiah was the founder & CEO of Bit Discovery, which was acquired by Tenable in 2022. He also serves as a company advisor and board member to several tech startups. In his spare time, Jeremiah does Brazilian Jiu-Jitsu and is passionate about classic cars. He recently opened Toybox, a luxury car club in Boise, Idaho.

6 comments:

Anonymous said...: Link to Universal XSS in IE8 is broken; January 11, 2011 at 6:23 PM
Jeremiah Grossman said...: @anonymous it was working yesterday, for some reason they removed the files with no pointer. tried contacting the authors, but they haven't responded. any other working references would be much appreciated.; January 11, 2011 at 6:47 PM
Jim Manico said...: Jeremiah, here is the CVE link for universal XSS in IE.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1489

Nice work, I enjoyed this post and research.; January 11, 2011 at 7:33 PM
Jim Manico said...: Here is a better link for the Universal XSS ie8 technique: the google cache version of the original research.

I had to shorten it since blogger was rejecting some of the characters in the original URL.

http://bit.ly/fmSNzA; January 11, 2011 at 7:37 PM
Jeremiah Grossman said...: @Jim, thanks for the help!; January 12, 2011 at 8:33 AM
Jeremiah Grossman said...: The link for 'Universal XSS in IE8' is back in action!; January 12, 2011 at 9:23 AM

Monday, January 10, 2011

Final Fifteen - Web Hacking Techniques

6 comments: