Published: 31 December 2019 at 14:39 UTC
Updated: 07 September 2020 at 13:49 UTC
Update: the results are now in! View them here: Top 10 web hacking techniques of 2019
Nominations for the top 10 new web hacking techniques of 2019 are now open!
Every year, professional researchers, seasoned pentesters, bug bounty hunters and academics release a flood of blog posts, presentations, videos and whitepapers. Whether they're suggesting new attack techniques, remixing old ones, or documenting findings, many of these contain novel ideas that can be applied elsewhere.
However, in these days of vulnerabilities arriving equipped with logos and marketing teams, it's all too easy for innovative techniques and ideas to get missed in the noise, simply because they weren't broadcast loudly enough. That's why every year, we work with the community to seek out and enshrine ten techniques that we think will withstand the test of time. (We also take offline backups, just in case.)
We'll select the top 10 using roughly the same process as last year:
We're planning one significant change from last year. The community nominations have previously been completely unfiltered, but last year that led to an excessive number of choices for the community vote stage. As such, this year we will enforce a minimum bar for quality: posts that exclusively discuss known techniques and have no novel concepts will be filtered out prior to the community vote. I will also consolidate posts on closely related topics - for example, XSLeaks.
To make a nomination, either use this form or post the URL as a comment on our new r/websecurityresearch subreddit. Feel free to make multiple nominations, or even nominate your own research if you think it's worthy.
If you'd like to see some examples of the type of material we're looking for, take a look at last year's top 10. We've also made some initial nominations ourselves.
PS If you've got experience doing this kind of research yourself, we're hiring.